redis/go-redis
1
0
Fork 0
mirror of https://github.com/redis/go-redis.git synced 2025-09-02 22:01:16 +03:00
Code Activity

Potential fix for code scanning alert no. 13: Insecure TLS configuration

Browse Source 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
ofekshenawa
2025-08-14 11:37:53 +03:00
committed by GitHub
parent 1cfe757f09
commit a4436229e3
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
options.go
View File

@@ -602,14 +602,17 @@ func setupConnParams(u *url.URL, o *Options) (*Options, error) {
if minVer < 0 || minVer > 65535 {
return nil, fmt.Errorf("redis: invalid tls_min_version: %d (must be between 0 and 65535)", minVer)
}
// Handle TLS version setting securely
// Always set MinVersion to at least TLS 1.2
if minVer == 0 {
// Don't set MinVersion, let Go use its secure default
o.TLSConfig.MinVersion = tls.VersionTLS12
} else if minVer < int(tls.VersionTLS12) {
return nil, fmt.Errorf("redis: tls_min_version %d is insecure (minimum allowed is TLS 1.2: %d)", minVer, tls.VersionTLS12)
} else {
o.TLSConfig.MinVersion = uint16(minVer)
}
} else {
// If not set, default to TLS 1.2
o.TLSConfig.MinVersion = tls.VersionTLS12
}
if q.has("tls_max_version") {
maxVer := q.int("tls_max_version")