Set a TLS minimum version on `tls.Config` | Critiq Docs

#Metadata

Rule ID: go.security.tls-missing-min-version
Severity: medium
Confidence: 0.8
Languages: go
Presets: security, strict
Stability: experimental
Applies to: block
Tags: go, rules-catalog, security, tls

#Why it matters

Without `MinVersion`, the Go standard library accepts legacy TLS versions that are vulnerable to known protocol attacks.

#Remediation

Add `MinVersion: tls.VersionTLS12` (or `tls.VersionTLS13`) to the configuration to enforce a modern protocol baseline.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/go/go.security.tls-missing-min-version.rule.yaml.

Back to directory Open rule in repository