From c1d302b08f55df05f320c29e4e0c6be62241d0e9 Mon Sep 17 00:00:00 2001
From: Javier Campanini <jcampanini@palantir.com>
Date: Thu, 9 Sep 2021 14:02:45 -0400
Subject: [PATCH] Default to TLS 1.2 as minimum version (#62)

* first draft

* default server params should setup tls min version

* make the default server created secure by default
---
 baseapp/server.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/baseapp/server.go b/baseapp/server.go
index 427cc2d0..fee29cdb 100644
--- a/baseapp/server.go
+++ b/baseapp/server.go
@@ -16,6 +16,7 @@ package baseapp
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -76,7 +77,11 @@ func NewServer(c HTTPConfig, params ...Param) (*Server, error) {
 	}
 
 	if base.server == nil {
-		base.server = &http.Server{}
+		base.server = &http.Server{
+			TLSConfig: &tls.Config{
+				MinVersion: tls.VersionTLS12,
+			},
+		}
 	}
 
 	if base.server.Addr == "" {