From 09da88114dbfe7717a6e1efa6a4be9966e91f691 Mon Sep 17 00:00:00 2001
From: Julien Pivotto
Date: Wed, 20 Apr 2022 09:57:53 +0200
Subject: [PATCH] Support overriding minimum TLS version
Signed-off-by: Julien Pivotto
---
 config/config_test.go | 4 ++++
 config/testdata/conf.good.yml | 3 +++
 docs/configuration/configuration.md | 6 ++++++
 go.mod | 2 +-
 go.sum | 4 ++--
 5 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/config/config_test.go b/config/config_test.go
index 822185dba..65a811000 100644
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -14,6 +14,7 @@
 package config
 import (
+ "crypto/tls"
 "encoding/json"
 "io/ioutil"
 "net/url"
@@ -179,6 +180,9 @@ var expectedConf = &Config{
 },
 FollowRedirects: true,
 EnableHTTP2: true,
+ TLSConfig: config.TLSConfig{
+ MinVersion: config.TLSVersion(tls.VersionTLS10),
+ },
 },
 ServiceDiscoveryConfigs: discovery.Configs{
diff --git a/config/testdata/conf.good.yml b/config/testdata/conf.good.yml
index 33e9639d6..58ef791af 100644
--- a/config/testdata/conf.good.yml
+++ b/config/testdata/conf.good.yml
@@ -91,6 +91,9 @@ scrape_configs:
 authorization:
 credentials_file: valid_token_file
+ tls_config:
+ min_version: TLS10
+
 - job_name: service-x
 basic_auth:
diff --git a/docs/configuration/configuration.md b/docs/configuration/configuration.md
index 08349e241..1185573d0 100644
--- a/docs/configuration/configuration.md
+++ b/docs/configuration/configuration.md
@@ -369,6 +369,12 @@ A `tls_config` allows configuring TLS connections.
 # Disable validation of the server certificate.
 [ insecure_skip_verify: ]
+
+# Minimum acceptable TLS version. Accepted values: TLS10 (TLS 1.0), TLS11 (TLS
+# 1.1), TLS12 (TLS 1.2), TLS13 (TLS 1.3).
+# If unset, Prometheus will use Go default minimum version, which is TLS 1.2.
+# See MinVersion in https://pkg.go.dev/crypto/tls#Config.
+[ min_version: ]
 ```
 ### ``
diff --git a/go.mod b/go.mod
index 9fecc16ad..cf9e9dbb3 100644
--- a/go.mod
+++ b/go.mod
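Review bot: The only fixture exercising the new option, the `expectedConf` hunk of config/config_test.go paired with config/testdata/conf.good.yml, pins `MinVersion: config.TLSVersion(tls.VersionTLS10)`, so the test shows that the weakest accepted value round-trips and nothing more. Nothing visible in this patch checks that a value outside the four documented ones is rejected at load time; the parsing presumably lives in the bumped prometheus/common, and a bad-config fixture on this side would keep that behaviour pinned, since a silently ignored value would leave an operator on a different TLS floor than the one they configured. A one-line comment above the field, such as `// TLS10 only exercises parsing of min_version; it is not a recommended floor.`, would also stop the fixture from being read as a template. The `expectedConf` literal starts and ends outside the hunk.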
@@ -48,7 +48,7 @@ require (
 github.com/prometheus/alertmanager v0.24.0
 github.com/prometheus/client_golang v1.12.1
 github.com/prometheus/client_model v0.2.0
- github.com/prometheus/common v0.33.0
+ github.com/prometheus/common v0.34.0
 github.com/prometheus/common/assets v0.1.0
 github.com/prometheus/common/sigv4 v0.1.0
 github.com/prometheus/exporter-toolkit v0.7.1
diff --git a/go.sum b/go.sum
index 2e3f5a14e..54e138a5d 100644
--- a/go.sum
+++ b/go.sum
@@ -1063,8 +1063,8 @@ github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9
 github.com/prometheus/common v0.29.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/common v0.33.0 h1:rHgav/0a6+uYgGdNt3jwz8FNSesO/Hsang3O0T9A5SE=
-github.com/prometheus/common v0.33.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE=
+github.com/prometheus/common v0.34.0 h1:RBmGO9d/FVjqHT0yUGQwBJhkwKV+wPCn7KGpvfab0uE=
+github.com/prometheus/common v0.34.0/go.mod h1:gB3sOl7P0TvJabZpLY5uQMpUqRCPPCyRLCZYc7JZTNE=
 github.com/prometheus/common/assets v0.1.0 h1:8WlWPDRjbfff4FWCBjaUF0NEIgDD2Mv2anoKfwG+Ums=
 github.com/prometheus/common/assets v0.1.0/go.mod h1:D17UVUE12bHbim7HzwUvtqm6gwBEaDQ0F+hIGbFbccI=
 github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdDeppTwGX4=