Merge "[FAB-4251] Only support TLS >= 1.2 to Kafka"

hyperledger · Jun 2, 2017 · 3b40efa · 3b40efa
2 parents f68f939 + 2b8c0aa
commit 3b40efa
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/orderer/kafka/util.go b/orderer/kafka/util.go
@@ -48,7 +48,7 @@ func newBrokerConfig(kafkaVersion sarama.KafkaVersion, chosenStaticPartition int
 		brokerConfig.Net.TLS.Config = &tls.Config{
 			Certificates: []tls.Certificate{keyPair},
 			RootCAs:      rootCAs,
-			MinVersion:   0, // TLS 1.0 (no SSL support)
+			MinVersion:   tls.VersionTLS12,
 			MaxVersion:   0, // Latest supported TLS version
 		}
 	}

diff --git a/orderer/kafka/util_test.go b/orderer/kafka/util_test.go
@@ -17,6 +17,7 @@ limitations under the License.
 package kafka
 
 import (
+	"crypto/tls"
 	"testing"
 
 	"github.com/Shopify/sarama"
@@ -132,7 +133,7 @@ func TestTLSConfigEnabled(t *testing.T) {
 	assert.Len(t, config.Net.TLS.Config.Certificates, 1)
 	assert.Len(t, config.Net.TLS.Config.RootCAs.Subjects(), 1)
 	assert.Equal(t, uint16(0), config.Net.TLS.Config.MaxVersion)
-	assert.Equal(t, uint16(0), config.Net.TLS.Config.MinVersion)
+	assert.Equal(t, uint16(tls.VersionTLS12), config.Net.TLS.Config.MinVersion)
 }
 
 func TestTLSConfigDisabled(t *testing.T) {