redis/go-redis
1
0
Fork 0
mirror of https://github.com/redis/go-redis.git synced 2025-09-02 22:01:16 +03:00
Code Activity

Potential fix for code scanning alert no. 14: Insecure TLS configuration

Browse Source 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
ofekshenawa
2025-08-14 11:40:43 +03:00
committed by GitHub
parent a4436229e3
commit 2614ca0e7e
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
osscluster.go
View File

@@ -329,14 +329,17 @@ func setupClusterQueryParams(u *url.URL, o *ClusterOptions) (*ClusterOptions, er
if minVer < 0 || minVer > 65535 {
return nil, fmt.Errorf("redis: invalid tls_min_version: %d (must be between 0 and 65535)", minVer)
}
// Handle TLS version setting securely
// Always enforce TLS 1.2 as minimum
if minVer == 0 {
// Don't set MinVersion, let Go use its secure default
o.TLSConfig.MinVersion = tls.VersionTLS12
} else if minVer < int(tls.VersionTLS12) {
return nil, fmt.Errorf("redis: tls_min_version %d is insecure (minimum allowed is TLS 1.2: %d)", minVer, tls.VersionTLS12)
} else {
o.TLSConfig.MinVersion = uint16(minVer)
}
} else {
// If not specified, always set minimum to TLS 1.2
o.TLSConfig.MinVersion = tls.VersionTLS12
}
if q.has("tls_max_version") {
maxVer := q.int("tls_max_version")