Skip to content

Commit

Permalink
logpolicy: force TLS 1.3 handshake
Browse files Browse the repository at this point in the history 
Updates tailscale#3363

We know `log.tailscale.io` supports TLS 1.3, so we can enforce its usage in the client to shake some bytes off the TLS handshake each time a connection is opened to upload logs.

Signed-off-by: Andrea Gottardo <[email protected]>
  • Loading branch information
@agottardo @bradfitz
agottardo authored and bradfitz committed Oct 3, 2024
1 parent 5f88b65 commit 58c6bc2
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions logpolicy/logpolicy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -813,6 +813,8 @@ func NewLogtailTransport(host string, netMon *netmon.Monitor, health *health.Tra
}

tr.TLSClientConfig = tlsdial.Config(host, health, tr.TLSClientConfig)
// Force TLS 1.3 since we know log.tailscale.io supports it.
tr.TLSClientConfig.MinVersion = tls.VersionTLS13

return tr
}
Expand Down

0 comments on commit 58c6bc2

Please sign in to comment.