Added user selectable min TLS version

- Added user selectable min TLS version in UI - Updated api to support custom TLS versions
2025-11-07 01:14:07 +01:00 · 2025-10-15 20:20:58 +08:00
parent deb096545d
commit 9a5a0eb84d
6 changed files with 78 additions and 58 deletions
--- a/src/mod/dynamicproxy/dynamicproxy.go
+++ b/src/mod/dynamicproxy/dynamicproxy.go
@@ -48,8 +48,8 @@ func (router *Router) UpdateTLSSetting(tlsEnabled bool) {

 // Update TLS Version in runtime. Will restart proxy server if running.
 // Set this to true to force TLS 1.2 or above
-func (router *Router) UpdateTLSVersion(requireLatest bool) {
-	router.Option.ForceTLSLatest = requireLatest
+func (router *Router) SetTlsMinVersion(minTlsVersion uint16) {
+	router.Option.MinTLSVersion = minTlsVersion
 	router.Restart()
 }

@@ -77,9 +77,9 @@ func (router *Router) StartProxyService() error {
 		return errors.New("reverse proxy router root not set")
 	}

-	minVersion := tls.VersionTLS10
-	if router.Option.ForceTLSLatest {
-		minVersion = tls.VersionTLS12
+	minVersion := tls.VersionTLS12 //Default to TLS 1.2
+	if router.Option.MinTLSVersion != 0 {
+		minVersion = int(router.Option.MinTLSVersion)
 	}

 	config := &tls.Config{
--- a/src/mod/dynamicproxy/typedef.go
+++ b/src/mod/dynamicproxy/typedef.go
@@ -49,7 +49,7 @@ type RouterOption struct {
 	HostVersion        string //The version of Zoraxy, use for heading mod
 	Port               int    //Incoming port
 	UseTls             bool   //Use TLS to serve incoming requsts
-	ForceTLSLatest     bool   //Force TLS1.2 or above
+	MinTLSVersion      uint16 //Minimum TLS version
 	NoCache            bool   //Force set Cache-Control: no-store
 	ListenOnPort80     bool   //Enable port 80 http listener
 	ForceHttpsRedirect bool   //Force redirection of http to https endpoint