
fix(registry): bump TLS MinVersion from 1.2 to 1.3 (PILOT-337)#22

Open
matthew-pilot wants to merge 1 commit into main from openclaw/pilot-337-20260530-110908

@matthew-pilot
Collaborator

What

Bump MinVersion from tls.VersionTLS12 to tls.VersionTLS13 in both TLS config paths in accept/accept.go:

  • Production cert-file path (line 532)
  • Self-signed-cert path (line 556)

Why

TLS 1.3 eliminates residual CBC-mode risk that exists in some TLS 1.2 cipher suites. The cipher allowlist is already ECDHE+AEAD-only, so practical risk is near-zero, but bumping to 1.3 is a defense-in-depth improvement with no compatibility cost for modern clients.

Verification

  • go build ./...
  • go vet ./...
  • go test ./... ✅ — all 18 packages pass

Scope

1 file, 2 lines changed.

Closes PILOT-337

Both the production cert-file path and the self-signed-cert path
in accept.go still set MinVersion to tls.VersionTLS12. TLS 1.3
eliminates residual CBC-mode risk in some 1.2 cipher suites,
though the cipher allowlist is already ECDHE+AEAD-only so
practical risk is near-zero.

Closes PILOT-337
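
A regression guard for the change this pull request describes (an added example, not code from the PR or the project): it parses Go source and reports every `tls.Config` literal whose `MinVersion` is anything other than `tls.VersionTLS13`, so a second config path left at 1.2, or a new one that omits the field, is caught in CI. The function name `weakTLSConfigs` and the embedded sample source are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// sample is constructed for this example (not the project's accept.go): one
// config path bumped, one left at TLS 1.2, one with MinVersion omitted.
const sample = `package accept
import "crypto/tls"
func certFile() *tls.Config { return &tls.Config{MinVersion: tls.VersionTLS13} }
func selfSigned() *tls.Config { return &tls.Config{MinVersion: tls.VersionTLS12} }
func bare() *tls.Config { return &tls.Config{} }
`

// weakTLSConfigs reports every tls.Config literal in src whose MinVersion is
// not tls.VersionTLS13. Assumes crypto/tls is imported under its default name.
func weakTLSConfigs(filename, src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, filename, src, 0)
	if err != nil {
		return nil, err
	}
	var findings []string
	ast.Inspect(file, func(n ast.Node) bool {
		lit, ok := n.(*ast.CompositeLit)
		if !ok || lit.Type == nil || types.ExprString(lit.Type) != "tls.Config" {
			return true
		}
		got := "unset" // an omitted field falls back to the library default
		for _, elt := range lit.Elts {
			if kv, ok := elt.(*ast.KeyValueExpr); ok && types.ExprString(kv.Key) == "MinVersion" {
				got = types.ExprString(kv.Value)
			}
		}
		if got != "tls.VersionTLS13" {
			findings = append(findings, fmt.Sprintf("%s:%d MinVersion=%s", filename, fset.Position(lit.Pos()).Line, got))
		}
		return true
	})
	return findings, nil
}

func main() {
	fmt.Println(weakTLSConfigs("sample.go", sample))
}
```

A non-constant `MinVersion` value is reported verbatim, so it gets a manual look rather than a silent pass.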
@codecov

codecov Bot commented May 30, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.


@matthew-pilot
Collaborator Author

Matthew PR Status — #22

Title: fix(registry): bump TLS MinVersion from 1.2 to 1.3 (PILOT-337)
Status: OPEN | Mergeable: MERGEABLE
Author: @matthew-pilot (matthew-pilot bot)
Created: 2026-05-30T11:09:58Z
Branch: openclaw/pilot-337-20260530-110908 -> main
Changes: +2/-2 across 1 file

Tickets

Labels

None

CI Checks

2/2 passing (0 failing)

  • codecov/patch — passed
  • test — passed

Files Changed

  • accept/accept.go (+2/-2)

Next Actions

  • Explain: command /pr explain #22 — detailed analysis
  • Canary retry: command /pr retry-canary #22 (if CI failed)
  • Fix & update: command /pr fix #22 <instructions>
  • Rebase: command /pr rebase #22
  • Close: command /pr close #22 <reason>

Auto-generated status check by matthew-pr-worker

@matthew-pilot
Collaborator Author

Matthew PR Explain — #22

What this PR does

fix(registry): bump TLS MinVersion from 1.2 to 1.3 (PILOT-337)

Scope

  • Files: 1 file
  • Delta: +2/-2 lines
  • Labels: none
  • Mergeable: MERGEABLE

Tickets

Files

  • accept/accept.go (+2/-2)

Review Notes

  • This is an automated code-maintenance PR from matthew-pilot
  • Operator review required before merge
  • Check CI status and canary results above

Auto-generated explain by matthew-pr-worker
