From e334148a915811ba733f52f2cf382bcc27d86311 Mon Sep 17 00:00:00 2001
From: Jonathan Boulle
Date: Wed, 15 Oct 2014 12:08:59 -0700
Subject: [PATCH] pkg: set minimum TLS version to 1.0 (disable SSL3)
SSLv3 is no longer considered secure, and is not supported by golang clients. Set the minimum version of all TLSConfigs that etcd uses to ensure that only TLS >=1.0 can be used.
---
 pkg/transport/listener.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/pkg/transport/listener.go b/pkg/transport/listener.go
index d018a90aa..c298627e3 100644
--- a/pkg/transport/listener.go
+++ b/pkg/transport/listener.go
@@ -89,9 +89,11 @@ func (info TLSInfo) baseConfig() (*tls.Config, error) {
 return nil, err
 }
- var cfg tls.Config
- cfg.Certificates = []tls.Certificate{tlsCert}
- return &cfg, nil
+ cfg := &tls.Config{
+ Certificates: []tls.Certificate{tlsCert},
+ MinVersion: tls.VersionTLS10,
+ }
+ return cfg, nil
 }
 // ServerConfig generates a tls.Config object for use by an HTTP server
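Review bot: The commit message says the floor applies to all TLSConfigs that etcd uses, but this hunk only sets `MinVersion` inside `baseConfig`, so any `tls.Config` built elsewhere without going through it would keep the crypto/tls default for a zero `MinVersion`; that coverage should be confirmed across the tree before relying on the claim. I would also add a why-comment on the new field, e.g. `// MinVersion rejects SSLv3; do not lower it.`, and a unit test asserting `cfg.MinVersion == tls.VersionTLS10` on the returned config so the floor cannot regress silently. TLS 1.0 and 1.1 remain negotiable with this setting; if every peer is known to support it, `MinVersion: tls.VersionTLS12,` would be a tighter floor. The body of `baseConfig` starts above the hunk, so how `tlsCert` is loaded is not visible here.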