Provide ability to configure TLSVersion used by the server

Author: vkuznet

config.go

@@ -46,5 +46,8 @@ func parseConfig(configFile string) error {
 	if Config.WriteTimeout == 0 {
 		Config.WriteTimeout = 300
 	}
+	if Config.TLSVersion == "" {
+		Config.TLSVersion = "tls13"
+	}
 	return nil
 }

data.go

@@ -55,6 +55,7 @@ type Configuration struct {
 	Scitokens           ScitokensConfig `json:"scitokens"`              // scitokens configuration
 	WellKnown           string          `json:"well_known"`             // location of well-known area
 	Providers           []string        `json:"providers`               // list of JWKS providers
+	TLSVersion          string          `json:"tlsVersion"`             // minimum TLS version
 }
 
 // HTTPRecord provides http record we send to logs endpoint

utils.go

@@ -96,8 +96,19 @@ func getServer(serverCrt, serverKey string, customVerify bool) (*http.Server, er
 			log.Fatalf("server loadkeys: %s", err)
 
 		}
+		// see go doc tls.VersionTLS13 for different versions
+		minVer := tls.VersionTLS13
+		if Config.TLSVersion == "tls10" {
+			minVer = tls.VersionTLS10
+		} else if Config.TLSVersion == "tls11" {
+			minVer = tls.VersionTLS11
+		} else if Config.TLSVersion == "tls12" {
+			minVer = tls.VersionTLS12
+		} else if Config.TLSVersion == "tls13" {
+			minVer = tls.VersionTLS13
+		}
 		tlsConfig = &tls.Config{
-			MinVersion:   0x0304,
+			MinVersion:   uint16(minVer),
 			RootCAs:      rootCAs,
 			Certificates: []tls.Certificate{cert},
 		}