prefer server cipher suites (#29379)

G402 (CWE-295): TLS PreferServerCipherSuites set false. Signed-off-by: bergquist <carl.bergquist@gmail.com>

prefer server cipher suites (#29379)
G402 (CWE-295): TLS PreferServerCipherSuites set false. Signed-off-by: bergquist <carl.bergquist@gmail.com>
aebe8985 · Carl Bergquist · GitHub · 2af4deed · aebe8985
Commit aebe8985 authored Nov 25, 2020 by Carl Bergquist Committed by GitHub Nov 25, 2020
Show whitespace changes
Inline Side-by-side

Showing with 1 additions and 1 deletions

pkg/api/http_server.go
+1 -1

No files found.
--- a/pkg/api/http_server.go
+++ b/pkg/api/http_server.go
@@ -249,7 +249,7 @@ func (hs *HTTPServer) configureHttp2() error {

 	tlsCfg := &tls.Config{
 		MinVersion:               tls.VersionTLS12,
-		PreferServerCipherSuites: false,
+		PreferServerCipherSuites: true,
 		CipherSuites: []uint16{
 			tls.TLS_CHACHA20_POLY1305_SHA256,
 			tls.TLS_AES_128_GCM_SHA256,