authorjwijenbergh <jeroenwijenbergh@protonmail.com>2024-10-25 15:27:23 +0200
committerJeroen Wijenbergh <46386452+jwijenbergh@users.noreply.github.com>2024-10-28 17:02:14 +0100
commit0076386bca8b1e49673f50323cd147ac080cfc2f (patch)
tree15aa6ee6cf752db189e0b2b6f75376c9644d384d /internal/http/http.go
parent8cd50acd5c961bd9c52f1fcbaf18ddc1015accd0 (diff)
API + HTTP + Exports: Cleaner TLS1.3 enforcement using a custom DefaultTransport
Also fix where TLS 1.3 was not properly enforced for the endpoint cache
Diffstat (limited to 'internal/http/http.go')
-rw-r--r--internal/http/http.go10
1 files changed, 7 insertions, 3 deletions
diff --git a/internal/http/http.go b/internal/http/http.go
index a7240e1..aeb113e 100644
--- a/internal/http/http.go
+++ b/internal/http/http.go
@@ -147,19 +147,23 @@ type Client struct {
Timeout time.Duration
}
-// TLS13Transport returns a http.Transport with the minimum TLS version set to 1.3
-func TLS13Transport() *http.Transport {
+// tls13Transport returns a http.Transport with the minimum TLS version set to 1.3
+func tls13Transport() *http.Transport {
tr := http.DefaultTransport.(*http.Transport).Clone()
tr.TLSClientConfig = &tls.Config{MinVersion: tls.VersionTLS13}
return tr
}
+// DefaultTransport is the default HTTP transport to use
+// by default it is a transport that only allows TLS 1.3
+var DefaultTransport = tls13Transport()
+
// NewClient returns a HTTP client with some default settings
func NewClient(client *http.Client) *Client {
c := client
if c == nil {
c = &http.Client{
- Transport: TLS13Transport(),
+ Transport: DefaultTransport,
}
}
// if a client is non-nil it uses its own transport
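Review bot: The added `var DefaultTransport = tls13Transport()` is an exported, mutable package variable, so any importing package can reassign it or edit its `TLSClientConfig`, which changes the TLS 1.3 floor for every client that `NewClient` builds from a nil argument. Because the same `*http.Transport` pointer is now shared instead of cloned per call, an in-place edit could also affect clients that already exist. If replacing it is intended (for tests, say), the doc comment should say so, e.g. `// DefaultTransport is shared by every Client made with NewClient(nil); replacing or mutating it drops the TLS 1.3 minimum for all of them.`; otherwise keep the variable unexported or give each client its own `tls13Transport()` clone. The trailing context comment also shows that a caller-supplied client keeps its own transport, so the minimum is not applied on that path unless it is checked elsewhere. NewClient's body continues outside the hunk.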