From 0076386bca8b1e49673f50323cd147ac080cfc2f Mon Sep 17 00:00:00 2001
From: jwijenbergh
Date: Fri, 25 Oct 2024 15:27:23 +0200
Subject: API + HTTP + Exports: Cleaner TLS1.3 enforcement using a custom DefaultTransport

Also fix where TLS 1.3 was not properly enforced for the endpoint cache
---
 internal/http/http.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'internal/http')

diff --git a/internal/http/http.go b/internal/http/http.go
index a7240e1..aeb113e 100644
--- a/internal/http/http.go
+++ b/internal/http/http.go
@@ -147,19 +147,23 @@ type Client struct {
 	Timeout time.Duration
 }
 
-// TLS13Transport returns a http.Transport with the minimum TLS version set to 1.3
-func TLS13Transport() *http.Transport {
+// tls13Transport returns a http.Transport with the minimum TLS version set to 1.3
+func tls13Transport() *http.Transport {
 	tr := http.DefaultTransport.(*http.Transport).Clone()
 	tr.TLSClientConfig = &tls.Config{MinVersion: tls.VersionTLS13}
 	return tr
 }
 
+// DefaultTransport is the default HTTP transport to use
+// by default it is a transport that only allows TLS 1.3
+var DefaultTransport = tls13Transport()
+
 // NewClient returns a HTTP client with some default settings
 func NewClient(client *http.Client) *Client {
 	c := client
 	if c == nil {
 		c = &http.Client{
-			Transport: TLS13Transport(),
+			Transport: DefaultTransport,
 		}
 	}
 	// if a client is non-nil it uses its own transport
-- 
cgit v1.2.3
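Review bot: `tls13Transport` keeps the unchecked `http.DefaultTransport.(*http.Transport)` assertion, and the new `var DefaultTransport = tls13Transport()` moves that assertion to package init, so a process whose `http.DefaultTransport` has been swapped for another `http.RoundTripper` (instrumentation wrappers, test fakes) now panics at import time rather than at first use; a comma-ok assertion with a minimal fallback keeps the TLS 1.3 floor independent of the global's dynamic type (below, noting the fallback drops the stock dial/idle timeouts). Separately, `DefaultTransport` is an exported pointer that `NewClient` reads on every call, so any importer can reassign it or mutate `DefaultTransport.TLSClientConfig.MinVersion` and silently lower the floor for every later client, and all of those clients share one connection pool; I would extend its doc comment with `// It is shared by every client NewClient creates and must not be mutated after init; Clone() it to customise.` NewClient's body continues past the end of the hunk.

```go
func tls13Transport() *http.Transport {
	tr, ok := http.DefaultTransport.(*http.Transport)
	if !ok {
		// http.DefaultTransport was replaced with a non-*http.Transport; start from a
		// plain transport so the TLS floor does not depend on the global's type
		tr = &http.Transport{Proxy: http.ProxyFromEnvironment}
	}
	tr = tr.Clone()
	// … unchanged: TLSClientConfig assignment and return …
```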