33 lines
823 B
Go
33 lines
823 B
Go
// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
//go:build boringcrypto
|
|
|
|
package ptls
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
|
|
"k8s.io/apiserver/pkg/server/options"
|
|
)
|
|
|
|
// secureServingOptionsMinTLSVersion is the minimum tls version in the format
|
|
// expected by SecureServingOptions.MinTLSVersion from
|
|
// k8s.io/apiserver/pkg/server/options.
|
|
//
|
|
// Always use TLS 1.2 for FIPs.
|
|
const secureServingOptionsMinTLSVersion = "VersionTLS12"
|
|
|
|
// SecureTLSConfigMinTLSVersion is the minimum tls version in the format expected
|
|
// by tls.Config.
|
|
const SecureTLSConfigMinTLSVersion = tls.VersionTLS12
|
|
|
|
func Secure(rootCAs *x509.CertPool) *tls.Config {
|
|
return Default(rootCAs)
|
|
}
|
|
|
|
func secureServing(opts *options.SecureServingOptionsWithLoopback) {
|
|
defaultServing(opts)
|
|
}
|