Skip to content

Commit 1cfe757

Browse files
ofekshenawagithub-advanced-security[bot]
ofekshenawa
and
github-advanced-security[bot]
authored
Potential fix for code scanning alert no. 15: Insecure TLS configuration
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent a070b72 commit 1cfe757

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

sentinel.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -441,7 +441,8 @@ func setupFailoverConnParams(u *url.URL, o *FailoverOptions) (*FailoverOptions,
441441
}
442442
// Handle TLS version setting securely
443443
if minVer == 0 {
444-
// Don't set MinVersion, let Go use its secure default
444+
// Explicitly set MinVersion to TLS 1.2 for security
445+
o.TLSConfig.MinVersion = tls.VersionTLS12
445446
} else if minVer < int(tls.VersionTLS12) {
446447
return nil, fmt.Errorf("redis: tls_min_version %d is insecure (minimum allowed is TLS 1.2: %d)", minVer, tls.VersionTLS12)
447448
} else {

0 commit comments

Comments
 (0)