projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
19896: Use StartTLS + MinTLSVersion regardless of Insecure flag.
[arvados.git] / lib / controller / localdb / login_ldap.go
diff --git a/lib/controller/localdb/login_ldap.go b/lib/controller/localdb/login_ldap.go
index f8fe9084d7d4701bda55d3f410ca8d1c49ee040d..df3982c85f627edc301241777e1b1ae7c1b52105 100644 (file)
--- a/lib/controller/localdb/login_ldap.go
+++ b/lib/controller/localdb/login_ldap.go
@@ -74,9 +74,9 @@ func (ctrl *ldapLoginController) UserAuthenticate(ctx context.Context, opts arva
 
        if conf.StartTLS {
                var tlsconfig tls.Config
+               tlsconfig.MinVersion = uint16(conf.MinTLSVersion)
                if conf.InsecureTLS {
                        tlsconfig.InsecureSkipVerify = true
-                       tlsconfig.MinVersion = uint16(conf.MinTLSVersion)
                } else {
                        if host, _, err := net.SplitHostPort(conf.URL.Host); err != nil {
                                // Assume SplitHostPort error means