Enforce TLS 1.3 where supported

andreaso · Nov 19, 2023 · 176781b · 176781b
1 parent 5c8fcf8
commit 176781b
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 1 deletion.
diff --git a/action.yaml b/action.yaml
@@ -79,7 +79,7 @@ runs:
       if: success() || steps.generator.conclusion == 'failure'
       shell: bash
       run: |
-        curl --fail --silent --show-error --header "X-Vault-Token: ${VAULT_TOKEN}" --data "" "${VAULT_SERVER%/}/v1/auth/token/revoke-self"
+        curl --fail --silent --show-error --tlsv1.3 --header "X-Vault-Token: ${VAULT_TOKEN}" --data "" "${VAULT_SERVER%/}/v1/auth/token/revoke-self"
       env:
         VAULT_SERVER: ${{ inputs.vault_server }}
         VAULT_TOKEN: ${{ steps.vault_auth.outputs.vault_token }}
diff --git a/generate-and-sign b/generate-and-sign
@@ -22,6 +22,7 @@ curl \
     --fail \
     --silent \
     --show-error \
+    --tlsv1.3 \
     --output "$response" \
     --header "X-Vault-Token: $VAULT_TOKEN" \
     --data "{\"public_key\": \"$pubkey\"}" \

diff --git a/github-vault-auth b/github-vault-auth
@@ -23,6 +23,7 @@ curl \
     --fail \
     --silent \
     --show-error \
+    --tlsv1.3 \
     --connect-timeout 10 \
     --output "$vault_response" \
     --data '{"jwt": "'"$github_jwt"'", "role": "'"$ROLE"'"}' \