The following PR
(https://github.com/keycloak/keycloak-gatekeeper/pull/449) is inspired
by the idea of achieving higher scores on SSL Labs
(https://blog.bracebin.com/achieving-perfect-ssl-labs-score-with-go).
Even though I believe it's great to get high scores on SSL Labs, I can
see some cons about this change:

1. ParseTLS() function needs to be updated for every new Golang
   version
   (https://github.com/keycloak/keycloak-gatekeeper/pull/449/files#diff-b4bda...)
2. We shouldn't support TLS 1.0, TLS 1.1
3. There's a chance that SSLv3 will be removed in Go 1.14
   (https://github.com/golang/go/issues/32716)

If we believe that's our desire to move forward with the idea behind
this PR, probably some updates will be required. Anyways, feel free to
comment on that.
--
- abstractj
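
Added example, not part of the original message or of the PR's code: one way a TLS option parser can avoid a per-release table and refuse SSLv3, TLS 1.0 and TLS 1.1. It goes slightly beyond the message by also resolving cipher suite names through `tls.CipherSuites()` (Go 1.14+). The helper name `buildTLSConfig` and the `TLSv1.2`-style option strings are assumptions.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// The only hand-maintained table. SSLv3, TLS 1.0 and TLS 1.1 are absent on
// purpose, so asking for them as a minimum version is an error.
var allowedMinVersions = map[string]uint16{
	"tlsv1.2": tls.VersionTLS12,
	"tlsv1.3": tls.VersionTLS13,
}

// buildTLSConfig is a hypothetical helper, not gatekeeper's ParseTLS().
func buildTLSConfig(minVersion string, suites []string) (*tls.Config, error) {
	minVer, ok := allowedMinVersions[strings.ToLower(strings.TrimSpace(minVersion))]
	if !ok {
		return nil, fmt.Errorf("minimum TLS version %q not allowed, use TLSv1.2 or TLSv1.3", minVersion)
	}
	// Index the suites this Go release considers secure, so a new release
	// needs no code change here. Suites listed only in
	// tls.InsecureCipherSuites() (RC4, for example) are refused.
	known := make(map[string]uint16)
	for _, cs := range tls.CipherSuites() {
		known[cs.Name] = cs.ID
	}
	var ids []uint16 // stays nil when no names are given, so Go's defaults apply
	for _, name := range suites {
		id, ok := known[name]
		if !ok {
			return nil, fmt.Errorf("cipher suite %q is unknown or insecure in this Go release", name)
		}
		ids = append(ids, id)
	}
	return &tls.Config{MinVersion: minVer, CipherSuites: ids}, nil
}

func main() {
	for _, v := range []string{"TLSv1.2", "TLSv1.0"} { // constructed sample inputs
		cfg, err := buildTLSConfig(v, []string{"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"})
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Printf("min=%#x suites=%v\n", cfg.MinVersion, cfg.CipherSuites)
	}
}
```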