From df3779f780a19a08592f6fc85bccc9349ca187b0 Mon Sep 17 00:00:00 2001
From: Josh Rickmar <jrick@conformal.com>
Date: Mon, 15 Dec 2014 14:00:01 -0500
Subject: [PATCH] Require TLS 1.2 minimum.

This prevents a downgrade attack to the vulnerable SSLv3.  While here,
go ahead and require at least TLS 1.2 since TLS 1.0 and 1.1 have their
own set of issues and it's only a matter of time before those would
need to be completely avoided as well.
---
 rpcserver.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rpcserver.go b/rpcserver.go
index eb1df55..3c5864a 100644
--- a/rpcserver.go
+++ b/rpcserver.go
@@ -333,6 +333,7 @@ func newRPCServer(listenAddrs []string, maxPost, maxWebsockets int64) (*rpcServe
 
 	tlsConfig := tls.Config{
 		Certificates: []tls.Certificate{keypair},
+		MinVersion:   tls.VersionTLS12,
 	}
 
 	ipv4ListenAddrs, ipv6ListenAddrs, err := parseListeners(listenAddrs)