From 5c1c304d30113b5727867123f7b9f6f9cbc08b5a Mon Sep 17 00:00:00 2001
From: Sarthak Vage
Date: Fri, 22 Sep 2023 17:10:58 +0530
Subject: [PATCH] Update TlsMinVersion to latest version 13
---
 pkg/plugin/client/https2http.go | 2 +-
 pkg/plugin/client/https2https.go | 2 +-
 pkg/transport/tls.go | 4 ++--
 pkg/util/vhost/https.go | 2 +-
 server/dashboard.go | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/pkg/plugin/client/https2http.go b/pkg/plugin/client/https2http.go
index 146a52c2..d1fe997b 100644
--- a/pkg/plugin/client/https2http.go
+++ b/pkg/plugin/client/https2http.go
@@ -120,7 +120,7 @@ func (p *HTTPS2HTTPPlugin) genTLSConfig() (*tls.Config, error) {
 config := &tls.Config{
 Certificates: []tls.Certificate{cert},
- MinVersion: tls.VersionTLS12,
+ MinVersion: tls.VersionTLS13,
 }
 return config, nil
 }
diff --git a/pkg/plugin/client/https2https.go b/pkg/plugin/client/https2https.go
index 59b6d8d2..c9194398 100644
--- a/pkg/plugin/client/https2https.go
+++ b/pkg/plugin/client/https2https.go
@@ -126,7 +126,7 @@ func (p *HTTPS2HTTPSPlugin) genTLSConfig() (*tls.Config, error) {
 config := &tls.Config{
 Certificates: []tls.Certificate{cert},
- MinVersion: tls.VersionTLS12,
+ MinVersion: tls.VersionTLS13,
 }
 return config, nil
 }
diff --git a/pkg/transport/tls.go b/pkg/transport/tls.go
index ee53a1b7..c95e89f6 100644
--- a/pkg/transport/tls.go
+++ b/pkg/transport/tls.go
@@ -73,7 +73,7 @@ func newCertPool(caPath string) (*x509.CertPool, error) {
 func NewServerTLSConfig(certPath, keyPath, caPath string) (*tls.Config, error) {
 base := &tls.Config{
- MinVersion: tls.VersionTLS12,
+ MinVersion: tls.VersionTLS13,
 }
 if certPath == "" || keyPath == "" {
@@ -104,7 +104,7 @@ func NewServerTLSConfig(certPath, keyPath, caPath string) (*tls.Config, error) {
 func NewClientTLSConfig(certPath, keyPath, caPath, serverName string) (*tls.Config, error) {
 base := &tls.Config{
- MinVersion: tls.VersionTLS12,
+ MinVersion: tls.VersionTLS13,
 }
 if certPath != "" && keyPath != "" {
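Review bot: The new `MinVersion: tls.VersionTLS13` in `genTLSConfig` of pkg/plugin/client/https2http.go is hard-coded, so a client whose TLS stack stops at 1.2 will now fail the handshake against this listener and the operator has no way to opt back in. The same applies to the identical change in https2https.go, to `NewServerTLSConfig` and `NewClientTLSConfig` in pkg/transport/tls.go (where a peer or TLS-terminating proxy limited to 1.2 would presumably stop the tunnel from coming up), and to `RunDashboardServer` in server/dashboard.go. Consider keeping 1.3 as the default but reading the floor from configuration, and at minimum record the behaviour change next to the value, e.g. `// TLS 1.3 only: peers limited to TLS 1.2 are rejected at handshake.` Both `genTLSConfig` bodies begin outside their hunks.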
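Review bot: `tls.VersionTLS13` is repeated as a bare literal in `NewServerTLSConfig` and `NewClientTLSConfig` in pkg/transport/tls.go and at four other `tls.Config` sites in this patch, so the protocol floor is a policy spread over six places. A single named constant would let an audit or a later change find it in one spot, for example `const minTLSVersion = tls.VersionTLS13` with `MinVersion: minTLSVersion` at each site. The constant name and its home package are only a suggestion, and it would need to be exported to be shared across packages. Both function bodies continue past their hunks.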
diff --git a/pkg/util/vhost/https.go b/pkg/util/vhost/https.go
index 2a142a79..f40afb16 100644
--- a/pkg/util/vhost/https.go
+++ b/pkg/util/vhost/https.go
@@ -56,7 +56,7 @@ func readClientHello(reader io.Reader) (*tls.ClientHelloInfo, error) {
 // As long as the Client Hello is successfully read, the failure should only happen after GetConfigForClient is called,
 // so we only care about the error if hello was never set.
 err := tls.Server(readOnlyConn{reader: reader}, &tls.Config{
- MinVersion: tls.VersionTLS12,
+ MinVersion: tls.VersionTLS13,
 GetConfigForClient: func(argHello *tls.ClientHelloInfo) (*tls.Config, error) {
 hello = &tls.ClientHelloInfo{}
 *hello = *argHello
diff --git a/server/dashboard.go b/server/dashboard.go
index 06aef7ad..baca75e6 100644
--- a/server/dashboard.go
+++ b/server/dashboard.go
@@ -88,7 +88,7 @@ func (svr *Service) RunDashboardServer(address string) (err error) {
 return err
 }
 tlsCfg := &tls.Config{
- MinVersion: tls.VersionTLS12,
+ MinVersion: tls.VersionTLS13,
 Certificates: []tls.Certificate{cert},
 }
 ln = tls.NewListener(ln, tlsCfg)
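Review bot: In `readClientHello` (pkg/util/vhost/https.go) the `MinVersion` value probably enforces nothing, because this `tls.Config` exists only to capture the ClientHello through `GetConfigForClient` and the surrounding comment says the handshake is expected to fail after that callback. A comment would stop it being read as an enforcement point, e.g. `// MinVersion is set for consistency only; this Conn parses the ClientHello and never completes a handshake.` If rejecting pre-1.3 clients at the vhost layer is actually intended, that would need an explicit check on `hello.SupportedVersions`, which the hunk does not show. The function continues outside the hunk.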