From 6ba32131be6a79c4d5d070e666e81bfedcc09798 Mon Sep 17 00:00:00 2001
From: crozzy <joseph.crosland@gmail.com>
Date: Thu, 4 Jan 2024 15:24:45 -0800
Subject: [PATCH] config: update minimum TLS version for server

The config is used both when setting up the HTTP API and
for the notifier's Deliverer.

Backports: #1945
Signed-off-by: Hank Donnay <hdonnay@redhat.com>
Signed-off-by: crozzy <joseph.crosland@gmail.com>
(cherry picked from commit 18aa1b3e7aed3867e22c170258f3e6a0fad6969d)
---
 config/tls.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/tls.go b/config/tls.go
index 23881fb7ee..b56077cd5d 100644
--- a/config/tls.go
+++ b/config/tls.go
@@ -55,6 +55,7 @@ func (t *TLS) Config() (*tls.Config, error) {
 		return nil, fmt.Errorf("failed to read x509 cert and key pair: %w", err)
 	}
 	cfg.Certificates = append(cfg.Certificates, cert)
+	cfg.MinVersion = tls.VersionTLS12
 
 	return &cfg, nil
 }