From 012e4b42f97c884eb187bd62f97199a8f7c7fd67 Mon Sep 17 00:00:00 2001
From: Andreas Auernhammer
Date: Fri, 12 Apr 2019 05:46:15 +0200
Subject: [PATCH] http: opt-in to TLS 1.3 (#7483)

This commit enables TLS 1.3 on the server. For Go 1.12 TLS 1.3 is enabled by an explicit opt-in.
---
 cmd/http/server.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/cmd/http/server.go b/cmd/http/server.go
index 8ee47fe41..e56a52a66 100644
--- a/cmd/http/server.go
+++ b/cmd/http/server.go
@@ -20,6 +20,7 @@ import (
 "crypto/tls"
 "errors"
 "net/http"
+ "os"
 "sync"
 "sync/atomic"
 "time"
@@ -31,6 +32,13 @@ import (
 "github.com/minio/minio/pkg/certs"
 )
+func init() {
+ // Opt-in to TLS 1.3. See: https://golang.org/pkg/crypto/tls
+ // In future Go versions TLS 1.3 probably gets enabled by default.
+ // So, we can remove this line as soon as this is the case.
+ os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
+}
+
 const (
 serverShutdownPoll = 500 * time.Millisecond
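Review bot: The `os.Setenv` call in the new `init()` appends `,tls13=1` unconditionally and drops the returned error, so a GODEBUG that already carries a `tls13=` entry from the operator ends up with two conflicting entries, an empty GODEBUG becomes a value with a leading comma, and a failed Setenv leaves TLS 1.3 off without any trace. The call also rewrites the environment for the whole process and for anything it later spawns, which the comment should state next to the removal note. I would add the flag only when no `tls13=` entry is present, join with a comma only when the existing value is non-empty, and report the error; the sketch below needs `strings` added to the import block touched by the first hunk. Since the opt-in presumably has to be in place before crypto/tls first consults GODEBUG, a test asserting that the listener actually negotiates TLS 1.3 would catch an ordering regression.

```go
func init() {
	// Opt-in to TLS 1.3 (process-wide: GODEBUG is inherited by child processes).
	// An explicit tls13= entry set by the operator is left untouched.
	godebug := os.Getenv("GODEBUG")
	if strings.Contains(godebug, "tls13=") {
		return
	}
	if godebug != "" {
		godebug += ","
	}
	if err := os.Setenv("GODEBUG", godebug+"tls13=1"); err != nil {
		// … report through the server's existing logger: TLS 1.3 stays disabled …
	}
}
```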