From 723860fa9672bf07dc6b5bbb10271fd098178559 Mon Sep 17 00:00:00 2001
From: Armon Dadgar
Date: Mon, 13 Apr 2015 13:00:01 -0700
Subject: [PATCH] command: Set minimum TLS version to 1.2
---
 command/meta.go | 1 +
 command/server/listener.go | 1 +
 2 files changed, 2 insertions(+)
diff --git a/command/meta.go b/command/meta.go
index 51e382268a..baf8aa20e3 100644
--- a/command/meta.go
+++ b/command/meta.go
@@ -67,6 +67,7 @@ func (m *Meta) Client() (*api.Client, error) {
 if m.flagCACert != "" || m.flagCAPath != "" || m.flagInsecure {
 tlsConfig := &tls.Config{
 InsecureSkipVerify: m.flagInsecure,
+ MinVersion: tls.VersionTLS12,
 }
 // TODO: Root CAs
diff --git a/command/server/listener.go b/command/server/listener.go
index 7d1de552fd..4772606216 100644
--- a/command/server/listener.go
+++ b/command/server/listener.go
@@ -53,6 +53,7 @@ func listenerWrapTLS(
 tlsConf := &tls.Config{}
 tlsConf.Certificates = []tls.Certificate{cert}
 tlsConf.NextProtos = []string{"http/1.1"}
+ tlsConf.MinVersion = tls.VersionTLS12 // Minimum version is TLS 1.2
 ln = tls.NewListener(ln, tlsConf)
 props["tls"] = "enabled"
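Review bot: In command/meta.go the new `MinVersion: tls.VersionTLS12` sits inside the `tls.Config` literal that is only built when `m.flagCACert`, `m.flagCAPath` or `m.flagInsecure` is set, so a client run with none of those flags does not get the TLS 1.2 floor from this change. What the client uses in that case is outside the hunk, but if it falls back to a default HTTP transport the minimum version is whatever the Go runtime defaults to. Consider building the config unconditionally, e.g. `tlsConfig := &tls.Config{MinVersion: tls.VersionTLS12}` before the `if`, and setting `tlsConfig.InsecureSkipVerify = m.flagInsecure` inside it. Client() starts before the hunk and its body continues past it.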
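Review bot: In command/server/listener.go the trailing comment `// Minimum version is TLS 1.2` restates the assignment instead of recording why; something like `// Reject handshakes below TLS 1.2; older protocol versions are deliberately not accepted here` tells the next reader the floor is intentional. The value is hard-coded and no listener option for it is visible in this hunk, so clients that cannot negotiate TLS 1.2 will fail the handshake after upgrading, which deserves an upgrade note alongside the change. The same value is now set independently in command/meta.go, so the client and server floors can drift apart unless they share one constant. listenerWrapTLS starts before the hunk and continues past it.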