From dff06789099b1c515219e5df63a760150515b1d1 Mon Sep 17 00:00:00 2001
From: "Daniel, Dao Quang Minh"
Date: Wed, 15 Oct 2014 22:39:51 -0400
Subject: [PATCH] Avoid fallback to SSL protocols < TLS1.0
Signed-off-by: Tibor Vass
Docker-DCO-1.1-Signed-off-by: Daniel, Dao Quang Minh (github: dqminh)
Conflicts: registry/registry.go
---
 docs/registry.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/docs/registry.go b/docs/registry.go
index 15fed1b8..a03790af 100644
--- a/docs/registry.go
+++ b/docs/registry.go
@@ -37,7 +37,11 @@ const (
 )
 func newClient(jar http.CookieJar, roots *x509.CertPool, cert *tls.Certificate, timeout TimeoutType, secure bool) *http.Client {
- tlsConfig := tls.Config{RootCAs: roots}
+ tlsConfig := tls.Config{
+ RootCAs: roots,
+ // Avoid fallback to SSL protocols < TLS1.0
+ MinVersion: tls.VersionTLS10,
+ }
 if cert != nil {
 tlsConfig.Certificates = append(tlsConfig.Certificates, *cert)
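Review bot: The new floor `MinVersion: tls.VersionTLS10` in newClient's `tls.Config` still accepts TLS 1.0 and 1.1, so a connection downgraded to those versions is negotiated without complaint. If the registries this client talks to support it, `MinVersion: tls.VersionTLS12` is the stronger floor. If 1.0 has to stay for compatibility, the comment should record that decision, e.g. `// SSLv3 and below are rejected; TLS 1.0 kept for compatibility with older registries`. newClient's body continues past the end of the hunk, so how `secure` affects certificate verification on this config is not visible here.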