[ENHANCEMENTS] Dissallow old TLS Versions #21
Comments
|
I agree, but I am following the Golang team decision regarding the default minimum supported TLS versions of the tls listener. I just take a look at the code, it would be a really easy thing to do by just hard code the min version into it like this. //mod/dynamicproxy/dynamicproxy.go
config := &tls.Config{
GetCertificate: router.Option.TlsManager.GetCert,
MinVersion: tls.VersionTLS12,
}But for some user that might be using legacy systems, it is better not to hard code it. I think I can add a way to let user pick which minimum version to be used, but it won't be a simple checkbox or dropdown as Zoraxy is more designed for entry level users. I will come back to this enhancement once I figure out a better implementation of the UX for this function. |
Yes! Thanks for the input. Edited the file and build from source. Now the server only serves with TLS1.2 and TLS1.3. I'm only using Zoraxy for private service so I know, that all of the devices connecting will support the newest version. Backwards compatibility is not a concern for me. |
|
|
|
Feature added |
Is your feature request related to a problem? Please describe.
When doing a Security-Scan of my environment, i received the warning, that TLS 1.0 and 1.1 are still available on port 443:
Describe the solution you'd like
There should be a way to disable the use of such old and deprecated versions of TLS.
The text was updated successfully, but these errors were encountered: