I've noticed that our server configuration, specifically in the RunHTTPServer function located in appleboy/gorush/router/server_normal.go, currently supports TLS 1.0 and TLS 1.1. Given the current year (2024), it's critical to acknowledge that TLS 1.2 has been widely adopted and is supported by nearly 100% of modern services. In contrast, only about 30% of sites continue to support TLS 1.0 primarily for compatibility reasons.
Justification:
Security Vulnerabilities: TLS 1.0 and TLS 1.1 contain known vulnerabilities that have been addressed in TLS 1.2 and later versions.
Industry Standards: The majority of web traffic today is secured via TLS 1.2 or higher, reflecting a shift in industry standards toward more robust encryption methods.
Client Compatibility: With TLS 1.2 being widely supported across browsers and devices, the removal of TLS 1.0 and TLS 1.1 support does not significantly impact compatibility with end users.
Proposed Solution:
To enhance the security posture of our application, I recommend updating the TLS support in the RunHTTPServer function to negotiate TLS 1.2 as the minimum version. This involves modifying the TLS configuration used by the server to disallow connections using TLS 1.0 and TLS 1.1.
Additional Information:
https://www.ssllabs.com/ssl-pulse/
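An added example, not part of the original issue or the gorush code base: one way to set the proposed TLS 1.2 floor in Go and verify it by attempting handshakes pinned to each protocol version. The names `hardenedTLSConfig`, `startServer` and `handshakeOK` are hypothetical, and the server is a loopback `httptest` instance using that package's built-in test certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// hardenedTLSConfig is a hypothetical helper (not gorush code): TLS 1.2 is
// the lowest version the server will negotiate.
func hardenedTLSConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12}
}

// startServer runs a loopback HTTPS server with httptest's built-in test
// certificate (constructed test setup, no real keys involved).
func startServer(cfg *tls.Config) *httptest.Server {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = cfg
	srv.StartTLS()
	return srv
}

// handshakeOK reports whether a client pinned to exactly one protocol
// version completes a TLS handshake with srv.
func handshakeOK(srv *httptest.Server, version uint16) bool {
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	conn, err := tls.Dial("tcp", srv.Listener.Addr().String(), &tls.Config{
		RootCAs: roots, MinVersion: version, MaxVersion: version,
	})
	if err != nil {
		return false // e.g. the server answered with a protocol_version alert
	}
	conn.Close()
	return true
}

func main() {
	srv := startServer(hardenedTLSConfig())
	defer srv.Close()
	names := map[uint16]string{tls.VersionTLS10: "TLS 1.0", tls.VersionTLS11: "TLS 1.1",
		tls.VersionTLS12: "TLS 1.2", tls.VersionTLS13: "TLS 1.3"}
	for _, v := range []uint16{tls.VersionTLS10, tls.VersionTLS11, tls.VersionTLS12, tls.VersionTLS13} {
		fmt.Printf("%s accepted=%v\n", names[v], handshakeOK(srv, v))
	}
}
```

The same version-pinned handshake check can be pointed at a staging endpoint after the change to confirm that TLS 1.0 and TLS 1.1 clients are refused.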