Add the ability to specify the maximum acceptable TLS version (promet…

…heus#414) Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
goldmansachs · Nov 9, 2023 · 67198a4 · 67198a4
1 parent 2fedb72
commit 67198a4
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/config/http_config.go b/config/http_config.go
@@ -823,6 +823,12 @@ func NewTLSConfig(cfg *TLSConfig) (*tls.Config, error) {
 		MaxVersion:         uint16(cfg.MaxVersion),
 	}
 
+	if cfg.MaxVersion != 0 && cfg.MinVersion != 0 {
+		if cfg.MaxVersion < cfg.MinVersion {
+			return nil, fmt.Errorf("tls_config.max_version must be greater than or equal to tls_config.min_version if both are specified")
+		}
+	}
+
 	// If a CA cert is provided then let's read it in so we can validate the
 	// scrape target's certificate properly.
 	if len(cfg.CAFile) > 0 {