From f8a0844647aa2f094095d34beb904fe44e76ca1a Mon Sep 17 00:00:00 2001 From: Michael Boquard Date: Fri, 12 Jul 2024 16:30:21 -0400 Subject: [PATCH] net: Using tls_min_version Signed-off-by: Michael Boquard --- src/v/cloud_storage_clients/configuration.cc | 2 ++ src/v/config/tls_config.cc | 3 +++ 2 files changed, 5 insertions(+) diff --git a/src/v/cloud_storage_clients/configuration.cc b/src/v/cloud_storage_clients/configuration.cc index c6d3e26b54942..02c2e73f39402 100644 --- a/src/v/cloud_storage_clients/configuration.cc +++ b/src/v/cloud_storage_clients/configuration.cc @@ -33,6 +33,8 @@ build_tls_credentials( cred_builder.set_ciphersuites( {config::tlsv1_3_ciphersuites.data(), config::tlsv1_3_ciphersuites.size()}); + cred_builder.set_minimum_tls_version( + from_config(config::shard_local_cfg().tls_min_version())); if (trust_file.has_value()) { auto file = trust_file.value(); vlog(log.info, "Use non-default trust file {}", file()); diff --git a/src/v/config/tls_config.cc b/src/v/config/tls_config.cc index 91c5063aeb36a..f7b9b6a979e72 100644 --- a/src/v/config/tls_config.cc +++ b/src/v/config/tls_config.cc @@ -11,6 +11,7 @@ #include "tls_config.h" +#include "config/configuration.h" #include "config/convert.h" #include "utils/to_string.h" @@ -29,6 +30,8 @@ tls_config::get_credentials_builder() const& { {tlsv1_2_cipher_string.data(), tlsv1_2_cipher_string.size()}); builder.set_ciphersuites( {tlsv1_3_ciphersuites.data(), tlsv1_3_ciphersuites.size()}); + builder.set_minimum_tls_version( + from_config(config::shard_local_cfg().tls_min_version())); builder.set_dh_level(ss::tls::dh_params::level::MEDIUM); if (_require_client_auth) { builder.set_client_auth(ss::tls::client_auth::REQUIRE);