From b4c042bbd6d360f96ba7da40b89d8c970a3dbc5a Mon Sep 17 00:00:00 2001
From: Mai Bui
Date: Fri, 17 Nov 2023 14:53:07 +0000
Subject: [PATCH 1/3] remove tls version settings
Signed-off-by: Mai Bui
---
 rest/main/main.go | 14 --------------
 1 file changed, 14 deletions(-)
diff --git a/rest/main/main.go b/rest/main/main.go
index 7ad7d42165..b0e14c4e40 100644
--- a/rest/main/main.go
+++ b/rest/main/main.go
@@ -104,9 +104,6 @@ func main() {
 ClientAuth: getTLSClientAuthType(),
 Certificates: prepareServerCertificate(),
 ClientCAs: prepareCACertificates(),
- MinVersion: tls.VersionTLS12,
- PreferServerCipherSuites: true,
- CipherSuites: getPreferredCipherSuites(),
 }
 // Prepare HTTPS server
@@ -199,17 +196,6 @@ func getTLSClientAuthType() tls.ClientAuthType {
 }
 }
-func getPreferredCipherSuites() []uint16 {
- return []uint16{
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
- tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- }
-}
-
 // findAManagementIP returns a valid IPv4 address of eth0.
 // Empty string is returned if no address could be resolved.
 func findAManagementIP() string {
From 24b3bff1458e472a0d188f18a9f84fedba8ce629 Mon Sep 17 00:00:00 2001
From: Mai Bui
Date: Fri, 17 Nov 2023 15:38:20 +0000
Subject: [PATCH 2/3] add MinVersion
Signed-off-by: Mai Bui
---
 rest/main/main.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/rest/main/main.go b/rest/main/main.go
index b0e14c4e40..e5996af083 100644
--- a/rest/main/main.go
+++ b/rest/main/main.go
@@ -104,6 +104,7 @@ func main() {
 ClientAuth: getTLSClientAuthType(),
 Certificates: prepareServerCertificate(),
 ClientCAs: prepareCACertificates(),
+ MinVersion: tls.VersionTLS12,
 }
 // Prepare HTTPS server
From cdb32751e6d4a517e88fa4874cedf2b8903d1c8f Mon Sep 17 00:00:00 2001
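Review bot: The `tls.Config` literal in `main()` that gains `MinVersion: tls.VersionTLS12` in PATCH 2/3 still has no `CipherSuites` field, because PATCH 1/3 removed the `getPreferredCipherSuites()` allowlist and nothing later in the series restores it. TLS 1.2 suite selection therefore falls to the crypto/tls defaults, which vary with the Go toolchain; on older releases the defaults likely include CBC-mode and RSA key-exchange suites that the removed ECDHE/AEAD-only list excluded. If relying on the defaults is intended, record it next to the field, e.g. `// CipherSuites left unset: rely on crypto/tls defaults; requires Go >= <minimum toolchain version>`, and confirm the suites the built server actually accepts with a TLS scan. The literal and `main()` both begin and end outside the hunk.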
From: Mai Bui
Date: Tue, 9 Jan 2024 17:06:38 +0000
Subject: [PATCH 3/3] add PreferServerCipherSuites
Signed-off-by: Mai Bui
---
 rest/main/main.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/rest/main/main.go b/rest/main/main.go
index e5996af083..b6783752ef 100644
--- a/rest/main/main.go
+++ b/rest/main/main.go
@@ -105,6 +105,7 @@ func main() {
 Certificates: prepareServerCertificate(),
 ClientCAs: prepareCACertificates(),
 MinVersion: tls.VersionTLS12,
+ PreferServerCipherSuites: true,
 }
 // Prepare HTTPS server
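Review bot: `PreferServerCipherSuites: true`, added after `MinVersion` in the `tls.Config` literal, is documented by crypto/tls as deprecated and ignored since Go 1.17, so on a current toolchain this line has no effect on which suite is negotiated, and linters such as staticcheck may flag the deprecated field. If it is kept for builds on an older toolchain or to satisfy a configuration audit, say so beside it, e.g. `// ignored by Go >= 1.17; kept for older toolchains`; otherwise the line can be dropped. `main()` continues outside the hunk, so whether anything else constrains the negotiated suites cannot be seen from here.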