command: Set minimum TLS version to 1.2

command/meta.go

@@ -67,6 +67,7 @@ func (m *Meta) Client() (*api.Client, error) {
 	if m.flagCACert != "" || m.flagCAPath != "" || m.flagInsecure {
 		tlsConfig := &tls.Config{
 			InsecureSkipVerify: m.flagInsecure,
+			MinVersion:         tls.VersionTLS12,
 		}
 
 		// TODO: Root CAs

command/server/listener.go

@@ -53,6 +53,7 @@ func listenerWrapTLS(
 	tlsConf := &tls.Config{}
 	tlsConf.Certificates = []tls.Certificate{cert}
 	tlsConf.NextProtos = []string{"http/1.1"}
+	tlsConf.MinVersion = tls.VersionTLS12 // Minimum version is TLS 1.2
 
 	ln = tls.NewListener(ln, tlsConf)
 	props["tls"] = "enabled"