commit 39b27c5d1587742ae027a194d09a22102dc92e50
parent 2154d3738ec30d05d284afa66f6f41afac39ca1b
Author: parazyd <parazyd@dyne.org>
Date: Tue, 9 Jul 2019 15:38:09 +0200
Allow different TLS versions.
Diffstat:
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/tlstun.go b/tlstun.go
@@ -48,10 +48,7 @@ func tlsConfig(cert, key string) (*tls.Config, error) {
return nil, err
}
- tlscfg := &tls.Config{
- Certificates: []tls.Certificate{creds},
- MinVersion: tls.VersionTLS12,
- }
+ tlscfg := &tls.Config{Certificates: []tls.Certificate{creds}}
if *client {
certpool := x509.NewCertPool()
@@ -66,6 +63,16 @@ func tlsConfig(cert, key string) (*tls.Config, error) {
tlscfg.ClientAuth = tls.RequireAndVerifyClientCert
}
+ switch *tlsver {
+ case 11:
+ tlscfg.MinVersion = tls.VersionTLS11
+ case 12:
+ tlscfg.MinVersion = tls.VersionTLS12
+ case 13:
+ default:
+ tlscfg.MinVersion = tls.VersionTLS13
+ }
+
return tlscfg, nil
}
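Review bot: `case 13:` in the new switch has an empty body, and Go cases do not fall through, so when `*tlsver` is 13 `tlscfg.MinVersion` is never assigned. The first hunk also removed `MinVersion: tls.VersionTLS12` from the struct literal, so the field stays at zero and crypto/tls applies its own default minimum, which may be lower than what `-tlsver 12` gives. Either delete the `case 13:` line so `default:` handles it, or write `case 13: fallthrough`. Separately, `default:` silently turns any unrecognised value into TLS 1.3; returning an error such as `fmt.Errorf("unsupported TLS version %d", *tlsver)` would surface a mistyped flag, though that needs `fmt` to be imported, which the hunk does not show. `case 11` lowers the floor to a deprecated protocol and deserves a comment like `// TLS 1.1 only for legacy peers; prefer 12 or 13`; the start of `tlsConfig` lies outside this hunk.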