From ed412df182b81c53a8192c2e571ce80aa4faadae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20van=20Eeden?= <git@myname.nl>
Date: Thu, 4 Jan 2024 19:48:33 +0100
Subject: [PATCH] util: Use TLSv1.2 as minimum TLS version by default (#36037)

close pingcap/tidb#36036
---
 pkg/util/misc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/util/misc.go b/pkg/util/misc.go
index 73025d5feac96..40b62e2151e4a 100644
--- a/pkg/util/misc.go
+++ b/pkg/util/misc.go
@@ -485,7 +485,7 @@ func LoadTLSCertificates(ca, key, cert string, autoTLS bool, rsaKeySize int) (tl
 
 	requireTLS := tlsutil.RequireSecureTransport.Load()
 
-	var minTLSVersion uint16 = tls.VersionTLS11
+	var minTLSVersion uint16 = tls.VersionTLS12
 	switch tlsver := config.GetGlobalConfig().Security.MinTLSVersion; tlsver {
 	case "TLSv1.0":
 		minTLSVersion = tls.VersionTLS10