README.md: Fixed typo

main.go: Added error for unknown TLS min versions main.go: Changed CurvePreferences in TLS config to Go default main.go: Removed handling for TLS min versions 1.0 and 1.1 Signed-off-by: darkspir <forgejo.darkspir@teemitmil.ch>
2025-10-19 15:43:21 +00:00 · 2025-02-08 12:18:16 +01:00 · 2025-02-08 12:18:16 +01:00 · 9b91cd9279
commit 9b91cd9279
parent 0679d0a9c0
2 changed files with 2 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -49,7 +49,7 @@ Flags:
      --tls                    turn on TLS support
      --tls-cert string        TLS certificate path
      --tls-key string         TLS key path
-      --tls-min-ver string     TLS min version (default: 1.2) (default "1.2")
+      --tls-min-ver string     TLS min version (default: 1.2)
  -v, --version                version for rest-server
 ```
--- a/cmd/rest-server/main.go
+++ b/cmd/rest-server/main.go
@ -181,7 +181,6 @@ func (app *restServerApp) runRoot(_ *cobra.Command, _ []string) error {
 	tlscfg := &tls.Config{
 		MinVersion:       tls.VersionTLS12,
 		CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 		CipherSuites: []uint16{
 			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
@ -192,18 +191,12 @@ func (app *restServerApp) runRoot(_ *cobra.Command, _ []string) error {
 		},
 	}
 	switch app.Server.TLSMinVer {
 	case "1.0":
 		// Only available with GODEBUG="tls10server=1"
 		tlscfg.MinVersion = tls.VersionTLS10
 	case "1.1":
 		// Only available with GODEBUG="tls10server=1"
 		tlscfg.MinVersion = tls.VersionTLS11
 	case "1.2":
 		tlscfg.MinVersion = tls.VersionTLS12
 	case "1.3":
 		tlscfg.MinVersion = tls.VersionTLS13
 	default:
-		tlscfg.MinVersion = tls.VersionTLS12
+		return fmt.Errorf("Unsupported TLS min version: %s", app.Server.TLSMinVer)
 	}
 	srv := &http.Server{