From 453262832aa119526f7fb78f1911508d7b7571ca Mon Sep 17 00:00:00 2001
From: yusing <yusing@6uo.me>
Date: Mon, 12 May 2025 12:22:52 +0800
Subject: [PATCH] security: disallow tls1.0/1.1

---
 internal/net/gphttp/server/server.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/internal/net/gphttp/server/server.go b/internal/net/gphttp/server/server.go
index 8f8a3e1..c42afec 100644
--- a/internal/net/gphttp/server/server.go
+++ b/internal/net/gphttp/server/server.go
@@ -73,6 +73,7 @@ func NewServer(opt Options) (s *Server) {
 			Handler: opt.Handler,
 			TLSConfig: &tls.Config{
 				GetCertificate: opt.CertProvider.GetCert,
+				MinVersion:     tls.VersionTLS12,
 			},
 		}
 	}
@@ -169,7 +170,7 @@ func stop[Server httpServer](srv Server, logger *zerolog.Logger) {
 
 	proto := proto(srv)
 
-	ctx, cancel := context.WithTimeout(task.RootContext(), 3*time.Second)
+	ctx, cancel := context.WithTimeout(task.RootContext(), 1*time.Second)
 	defer cancel()
 
 	if err := srv.Shutdown(ctx); err != nil {