Closed xinlongz1 closed 7 months ago
TLS 1.0 is considered vulnerability and requested to be disabled.
It should be a noop change since in the client side, we don't set minVersion and MaxVersion field in the TLS config so the default minVersion is 1.2 and the default maxVersion is 1.3.
For example, Kraken internal clients TLS config: https://sourcegraph.com/github.com/uber/kraken@master/-/blob/utils/httputil/tls.go?L91 uBuild TLS config: https://sg.uberinternal.com/code.uber.internal/uber-code/go-code/-/blob/src/code.uber.internal/infra/ubuild/build/gateway/kraken/http_client.go?L63
TLS 1.0 is considered vulnerability and requested to be disabled.
It should be a noop change since in the client side, we don't set minVersion and MaxVersion field in the TLS config so the default minVersion is 1.2 and the default maxVersion is 1.3.
For example, Kraken internal clients TLS config: https://sourcegraph.com/github.com/uber/kraken@master/-/blob/utils/httputil/tls.go?L91 uBuild TLS config: https://sg.uberinternal.com/code.uber.internal/uber-code/go-code/-/blob/src/code.uber.internal/infra/ubuild/build/gateway/kraken/http_client.go?L63