MinVersion is missing from this TLS configuration GO-S1020MinVersion is missing from this TLS configuration: tls.Config105 return err
106 }
107
108 tlsconfig := &tls.Config{109 InsecureSkipVerify: opts.SkipVerify,
110 ServerName: host,
111 }MinVersion is missing from this TLS configuration: tls.Config37
38 if c.TLS {
39 if ok, _ := client.Extension("STARTTLS"); ok {
40 if err = client.StartTLS(&tls.Config{41 InsecureSkipVerify: c.SkipVerify,
42 ServerName: c.Host,
43 }); err != nil {MinVersion is missing from this TLS configuration: tls.Config156func dial(ls *Config) (*ldap.Conn, error) {
157 log.Trace("LDAP: Dialing with security protocol '%v' without verifying: %v", ls.SecurityProtocol, ls.SkipVerify)
158
159 tlsCfg := &tls.Config{160 ServerName: ls.Host,
161 InsecureSkipVerify: ls.SkipVerify,
162 }MinVersion is missing from this TLS configuration: tls.Config28 Username: strings.TrimSpace(login),
29 Password: strings.TrimSpace(password),
30 Transport: &http.Transport{
31 TLSClientConfig: &tls.Config{InsecureSkipVerify: c.SkipVerify},32 },
33 }
34 client, err := github.NewEnterpriseClient(c.APIEndpoint, c.APIEndpoint, tp.Client())
Description
MinVersion is missing from this TLS configuration. As the default value is
TLS 1.0, which is considered insecure, it is recommended to explicitly set the
MinVersion to a secure version of TLS, such as VersionTLS13.
Bad practice
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
KeyLogWriter: w,
Rand: rand{},
InsecureSkipVerify: true,
},
},
}
Recommended
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
KeyLogWriter: w,
MinVersion: tls.VersionTLS13, // min version set
Rand: rand{},
InsecureSkipVerify: true,
},
},
}