feat: limit tls minversion to 1.2

dns/dns.go

@@ -179,7 +179,10 @@ func (ds *DNSList) DialContext(ctx context.Context, dialer *net.Dialer, firstFra
 				}
 				continue
 			}
-			tlsConn = tls.Client(conn, &tls.Config{ServerName: host})
+			tlsConn = tls.Client(conn, &tls.Config{
+				ServerName: host,
+				MinVersion: tls.VersionTLS12,
+			})
 			if firstFragmentLen > 0 {
 				err = terasu.Use(tlsConn).HandshakeContext(ctx, firstFragmentLen)
 			} else {

dns/dns_test.go

@@ -114,7 +114,10 @@ func (ds *DNSList) test() {
 			if err != nil {
 				continue
 			}
-			tlsConn := tls.Client(conn, &tls.Config{ServerName: host})
+			tlsConn := tls.Client(conn, &tls.Config{
+				ServerName: host,
+				MinVersion: tls.VersionTLS12,
+			})
 			err = terasu.Use(tlsConn).Handshake(4)
 			_ = tlsConn.Close()
 			if err == nil {

http/http.go

@@ -60,6 +60,7 @@ var DefaultClient = http.Client{
 				}
 				tlsConn = tls.Client(conn, &tls.Config{
 					ServerName: host,
+					MinVersion: tls.VersionTLS12,
 				})
 				if terasu.DefaultFirstFragmentLen > 0 {
 					err = terasu.Use(tlsConn).HandshakeContext(ctx, terasu.DefaultFirstFragmentLen)
@@ -77,6 +78,7 @@ var DefaultClient = http.Client{
 				}
 				tlsConn = tls.Client(conn, &tls.Config{
 					ServerName: host,
+					MinVersion: tls.VersionTLS12,
 				})
 				err = tlsConn.HandshakeContext(ctx)
 				if err == nil {

terasu_test.go

@@ -19,6 +19,7 @@ func TestHTTPDialTLS13(t *testing.T) {
 				t.Log("net.Dial succeeded")
 				tlsConn := tls.Client(conn, &tls.Config{
 					ServerName:         "huggingface.co",
+					MinVersion:         tls.VersionTLS12,
 					InsecureSkipVerify: true,
 				})
 				err = Use(tlsConn).Handshake(4)
@@ -57,6 +58,7 @@ func TestHTTPDialTLS12(t *testing.T) {
 				tlsConn := tls.Client(conn, &tls.Config{
 					ServerName:         "huggingface.co",
 					InsecureSkipVerify: true,
+					MinVersion:         tls.VersionTLS12,
 					MaxVersion:         tls.VersionTLS12,
 				})
 				err = Use(tlsConn).Handshake(4)