fix CVE-2016-2183 (#5844)

* fix CVE-2016-2183 * allow tls.min_version and tls.max_version not set
2025-09-22 20:43:35 +08:00 · 2024-08-02 11:00:22 +08:00
parent 4fee496b49
commit 5ee50d26d8
2 changed files with 80 additions and 6 deletions
--- a/weed/command/s3.go
+++ b/weed/command/s3.go
@@ -328,6 +328,10 @@ func (s3opt *S3Options) startS3Server() bool {
 			ClientAuth:     clientAuth,
 			ClientCAs:      caCertPool,
 		}
+		err = security.FixTlsConfig(util.GetViper(), httpS.TLSConfig)
+		if err != nil {
+			glog.Fatalf("error with tls config: %v", err)
+		}
 		if *s3opt.portHttps == 0 {
 			glog.V(0).Infof("Start Seaweed S3 API Server %s at https port %d", util.Version(), *s3opt.port)
 			if s3ApiLocalListener != nil {