Apply Minimum TLS version to the API server (Velocidex#2383)
scudette authored Jan 17, 2023
1 parent 4b419a4 commit 6082bd0
Showing 1 changed file with 12 additions and 6 deletions.
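--- a/api/api.go
+++ b/api/api.go
@@ -1098,12 +1098,18 @@ func startAPIServer(
 }
 
 // Create the TLS credentials
-creds := credentials.NewTLS(&tls.Config{
-// Only accept certs signed by the CA
-ClientAuth: tls.RequireAndVerifyClientCert,
-Certificates: []tls.Certificate{cert},
-ClientCAs: CA_Pool,
-})
+tls_config := &tls.Config{}
+err = getTLSConfig(config_obj, tls_config)
+if err != nil {
+return err
+}
+
+// Only accept certs signed by the Velociraptor internal CA
+tls_config.ClientAuth = tls.RequireAndVerifyClientCert
+tls_config.Certificates = []tls.Certificate{cert}
+tls_config.ClientCAs = CA_Pool
+
+creds := credentials.NewTLS(tls_config)
 
 grpcServer := grpc.NewServer(grpc.Creds(creds))
 api_proto.RegisterAPIServer(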
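Review bot: The three mutual-TLS assignments (`ClientAuth`, `Certificates`, `ClientCAs`) only protect the API while they stay after the `getTLSConfig` call, and nothing in the hunk records that ordering. A later reorder would let the shared helper's values win. I would extend the existing comment to `// Set after getTLSConfig so shared TLS settings can never relax client-cert verification against the internal CA.` `getTLSConfig` is defined outside this hunk, so it is not visible whether it leaves `MinVersion` at zero when no minimum is configured. If it does, the floor is whatever the library defaults to rather than a value this code chose, and `if tls_config.MinVersion == 0 { tls_config.MinVersion = tls.VersionTLS12 }` after the call would pin it. startAPIServer begins and ends outside the hunk.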
