Upgrade TLS Support to TLS 1.2 and Above in RunHTTPServer Function #792

Closed
nyxfqq opened this issue Jul 11, 2024 · 0 comments · Fixed by #793

nyxfqq commented Jul 11, 2024

Description:

I've noticed that our server configuration, specifically in the RunHTTPServer function located in appleboy/gorush/router/server_normal.go, currently supports TLS 1.0 and TLS 1.1. Given the current year (2024), it's critical to acknowledge that TLS 1.2 has been widely adopted and is supported by nearly 100% of modern services. In contrast, only about 30% of sites continue to support TLS 1.0 primarily for compatibility reasons.

Justification:

  • Security Vulnerabilities: TLS 1.0 and TLS 1.1 contain known vulnerabilities that have been addressed in TLS 1.2 and later versions.
  • Industry Standards: The majority of web traffic today is secured via TLS 1.2 or higher, reflecting a shift in industry standards toward more robust encryption methods.
  • Client Compatibility: With TLS 1.2 being widely supported across browsers and devices, the removal of TLS 1.0 and TLS 1.1 support does not significantly impact compatibility with end users.

Proposed Solution:

To enhance the security posture of our application, I recommend updating the TLS support in the RunHTTPServer function to negotiate TLS 1.2 as the minimum version. This involves modifying the TLS configuration used by the server to disallow connections using TLS 1.0 and TLS 1.1.

Additional Information:

https://www.ssllabs.com/ssl-pulse/
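
A way to check the proposed minimum version after the change, as an added example that is not part of the original issue and is not gorush's code: it starts a throwaway local HTTPS server with `MinVersion: tls.VersionTLS12` and attempts handshakes from clients capped at each protocol version. The names `hardenedTLSConfig` and `probe` are hypothetical, and the server uses the test certificate built into Go's `net/http/httptest` rather than a real one.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// hardenedTLSConfig (hypothetical helper) is the setting the issue asks for:
// the server refuses any handshake below TLS 1.2.
func hardenedTLSConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12}
}

// probe starts a local HTTPS test server with serverCfg, attempts one
// handshake from a client capped at clientMax, and returns the negotiated
// protocol version or the handshake error.
func probe(serverCfg *tls.Config, clientMax uint16) (uint16, error) {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = serverCfg
	srv.StartTLS()
	defer srv.Close()

	// Trust only the test server's own certificate; verification stays on.
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	conn, err := tls.Dial("tcp", srv.Listener.Addr().String(), &tls.Config{
		RootCAs:    roots,
		MinVersion: tls.VersionTLS10, // let the probing client offer legacy versions
		MaxVersion: clientMax,
	})
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	return conn.ConnectionState().Version, nil
}

func main() {
	for _, cmax := range []uint16{tls.VersionTLS10, tls.VersionTLS11, tls.VersionTLS12, tls.VersionTLS13} {
		v, err := probe(hardenedTLSConfig(), cmax)
		if err != nil {
			fmt.Printf("client max %s: rejected (%v)\n", tls.VersionName(cmax), err)
			continue
		}
		fmt.Printf("client max %s: negotiated %s\n", tls.VersionName(cmax), tls.VersionName(v))
	}
}
```

The same `probe` can be pointed at whatever `*tls.Config` the server actually builds, which makes it usable as a regression test for the minimum version.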
