From 8ae74b38d5c4423f333280c970088bc925b56fa1 Mon Sep 17 00:00:00 2001 From: Tibor Vass Date: Fri, 17 Aug 2018 17:53:22 +0000 Subject: [PATCH] vendor: update tlsconfig in go-connections to 7395e3f8aa162843a74ed6d48e79627d9792ac55 Signed-off-by: Tibor Vass --- vendor.conf | 2 +- vendor/github.com/docker/go-connections/tlsconfig/config.go | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/vendor.conf b/vendor.conf index 8073acd248..3f10a7d64d 100755 --- a/vendor.conf +++ b/vendor.conf @@ -13,7 +13,7 @@ github.com/docker/docker-credential-helpers 5241b46610f2491efdf9d1c85f1ddf5b02f6 # the docker/go package contains a customized version of canonical/json # and is used by Notary. The package is periodically rebased on current Go versions. github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06 -github.com/docker/go-connections 7beb39f0b969b075d1325fecb092faf27fd357b6 +github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9 github.com/docker/go-metrics d466d4f6fd960e01820085bd7e1a24426ee7ef18 github.com/docker/go-units 47565b4f722fb6ceae66b95f853feed578a4a51c # v0.3.3 diff --git a/vendor/github.com/docker/go-connections/tlsconfig/config.go b/vendor/github.com/docker/go-connections/tlsconfig/config.go index f11f166a44..0ef3fdcb46 100644 --- a/vendor/github.com/docker/go-connections/tlsconfig/config.go +++ b/vendor/github.com/docker/go-connections/tlsconfig/config.go @@ -46,8 +46,6 @@ var acceptedCBCCiphers = []uint16{ tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - tls.TLS_RSA_WITH_AES_256_CBC_SHA, - tls.TLS_RSA_WITH_AES_128_CBC_SHA, } // DefaultServerAcceptedCiphers should be uses by code which already has a crypto/tls @@ -67,8 +65,8 @@ var allTLSVersions = map[uint16]struct{}{ // ServerDefault returns a secure-enough TLS configuration for the server TLS configuration. func ServerDefault(ops ...func(*tls.Config)) *tls.Config { tlsconfig := &tls.Config{ - // Avoid fallback by default to SSL protocols < TLS1.0 - MinVersion: tls.VersionTLS10, + // Avoid fallback by default to SSL protocols < TLS1.2 + MinVersion: tls.VersionTLS12, PreferServerCipherSuites: true, CipherSuites: DefaultServerAcceptedCiphers, }