net: Using tls_min_version

Signed-off-by: Michael Boquard <michael@redpanda.com>
redpanda-data · Jul 17, 2024 · f8a0844 · f8a0844
1 parent c00ae2d
commit f8a0844
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/src/v/cloud_storage_clients/configuration.cc b/src/v/cloud_storage_clients/configuration.cc
@@ -33,6 +33,8 @@ build_tls_credentials(
     cred_builder.set_ciphersuites(
       {config::tlsv1_3_ciphersuites.data(),
        config::tlsv1_3_ciphersuites.size()});
+    cred_builder.set_minimum_tls_version(
+      from_config(config::shard_local_cfg().tls_min_version()));
     if (trust_file.has_value()) {
         auto file = trust_file.value();
         vlog(log.info, "Use non-default trust file {}", file());

diff --git a/src/v/config/tls_config.cc b/src/v/config/tls_config.cc
@@ -11,6 +11,7 @@
 
 #include "tls_config.h"
 
+#include "config/configuration.h"
 #include "config/convert.h"
 #include "utils/to_string.h"
 
@@ -29,6 +30,8 @@ tls_config::get_credentials_builder() const& {
                 {tlsv1_2_cipher_string.data(), tlsv1_2_cipher_string.size()});
               builder.set_ciphersuites(
                 {tlsv1_3_ciphersuites.data(), tlsv1_3_ciphersuites.size()});
+              builder.set_minimum_tls_version(
+                from_config(config::shard_local_cfg().tls_min_version()));
               builder.set_dh_level(ss::tls::dh_params::level::MEDIUM);
               if (_require_client_auth) {
                   builder.set_client_auth(ss::tls::client_auth::REQUIRE);