rpcclient: Explicitly require TLS >= 1.2 for HTTP.

This set the TLS config to explicitly require TLS 1.2 as the minimum version for HTTP connections to explicitly match the requirement it imposes for WebSocket connections. This is technically a noop for the more recent Go releases that are officially supported since TLS 1.2 is the default minimum when acting as a client for those releases, however, it is preferable to be explicit and consistent.
decred · Jul 26, 2023 · 7f430e7 · 7f430e7
1 parent 11ff764
commit 7f430e7
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/rpcclient/infrastructure.go b/rpcclient/infrastructure.go
@@ -1187,7 +1187,8 @@ func newHTTPClient(config *ConnConfig) (*http.Client, error) {
 			pool := x509.NewCertPool()
 			pool.AppendCertsFromPEM(config.Certificates)
 			tlsConfig = &tls.Config{
-				RootCAs: pool,
+				RootCAs:    pool,
+				MinVersion: tls.VersionTLS12,
 			}
 		}
 	}