diff --git a/config/setup/tls.go b/config/setup/tls.go index bd923c34..a26e9265 100644 --- a/config/setup/tls.go +++ b/config/setup/tls.go @@ -12,7 +12,7 @@ import ( // Map of supported protocols // SSLv3 will be not supported in next release var supportedProtocols = map[string]uint16{ - "ssl3": tls.VersionSSL30, + "ssl3.0": tls.VersionSSL30, "tls1.0": tls.VersionTLS10, "tls1.1": tls.VersionTLS11, "tls1.2": tls.VersionTLS12, diff --git a/config/setup/tls_test.go b/config/setup/tls_test.go index 11e98388..8895dd11 100644 --- a/config/setup/tls_test.go +++ b/config/setup/tls_test.go @@ -18,11 +18,11 @@ func TestTLSParseNoOptional(t *testing.T) { } if c.TLS.ProtocolMinVersion != tls.VersionTLS11 { - t.Errorf("Expected 'tls1.1' ProtocolMinVersion , got %v", c.TLS.ProtocolMinVersion) + t.Errorf("Expected 'tls1.1 (0x0302)' as ProtocolMinVersion, got %#v", c.TLS.ProtocolMinVersion) } if c.TLS.ProtocolMaxVersion != tls.VersionTLS12 { - t.Errorf("Expected ProtocolMaxVersion 0, got %v", c.TLS.ProtocolMaxVersion) + t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMaxVersion, got %v", c.TLS.ProtocolMaxVersion) } if c.TLS.CacheSize != 64 { @@ -49,7 +49,7 @@ func TestTLSParseIncompleteParams(t *testing.T) { func TestTLSParseWithOptionalParams(t *testing.T) { params := `tls cert.crt cert.key { - protocols ssl3 tls1.2 + protocols ssl3.0 tls1.2 ciphers RSA-3DES-EDE-CBC-SHA RSA-AES256-CBC-SHA ECDHE-RSA-AES128-GCM-SHA256 cache 128 }` @@ -61,11 +61,11 @@ func TestTLSParseWithOptionalParams(t *testing.T) { } if c.TLS.ProtocolMinVersion != tls.VersionSSL30 { - t.Errorf("Expected 'ssl3' ProtocolMinVersion, got %#v", c.TLS.ProtocolMinVersion) + t.Errorf("Expected 'ssl3.0 (0x0300)' as ProtocolMinVersion, got %#v", c.TLS.ProtocolMinVersion) } if c.TLS.ProtocolMaxVersion != tls.VersionTLS12 { - t.Errorf("Expected 'tls1.2' ProtocolMaxVersion, got %v", c.TLS.ProtocolMaxVersion) + t.Errorf("Expected 'tls1.2 (0x0302)' as ProtocolMaxVersion, got %#v", c.TLS.ProtocolMaxVersion) } if len(c.TLS.Ciphers) != 3 {