-
Notifications
You must be signed in to change notification settings - Fork 195
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ENHANCEMENTS] Dissallow old TLS Versions #21
Comments
I agree, but I am following the Golang team decision regarding the default minimum supported TLS versions of the tls listener. I just take a look at the code, it would be a really easy thing to do by just hard code the min version into it like this. //mod/dynamicproxy/dynamicproxy.go
config := &tls.Config{
GetCertificate: router.Option.TlsManager.GetCert,
MinVersion: tls.VersionTLS12,
} But for some user that might be using legacy systems, it is better not to hard code it. I think I can add a way to let user pick which minimum version to be used, but it won't be a simple checkbox or dropdown as Zoraxy is more designed for entry level users. I will come back to this enhancement once I figure out a better implementation of the UX for this function. |
Yes! Thanks for the input. Edited the file and build from source. Now the server only serves with TLS1.2 and TLS1.3. I'm only using Zoraxy for private service so I know, that all of the devices connecting will support the newest version. Backwards compatibility is not a concern for me. |
Feature added |
Is your feature request related to a problem? Please describe.
When doing a Security-Scan of my environment, i received the warning, that TLS 1.0 and 1.1 are still available on port 443:
Describe the solution you'd like
There should be a way to disable the use of such old and deprecated versions of TLS.
The text was updated successfully, but these errors were encountered: