[#878] neofs-node: default to secure TLS settings

Support TLS >=1.2 only and strong cipher suites.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>

cmd/neofs-node/config/grpc/config.go

@@ -78,6 +78,11 @@ func (tls TLSConfig) CertificateFile() string {
 	return v
 }
 
+// UseInsecureCrypto returns true if TLS 1.2 cipher suite should not be restricted.
+func (tls TLSConfig) UseInsecureCrypto() bool {
+	return config.BoolSafe(tls.cfg, "use_insecure_crypto")
+}
+
 // IterateEndpoints iterates over subsections ["0":"N") (N - "num" value)
 // of "grpc" section of c, wrap them into Config and passes to f.
 //

cmd/neofs-node/config/grpc/config_test.go

@@ -31,12 +31,17 @@ func TestGRPCSection(t *testing.T) {
 			case 0:
 				require.Equal(t, "s01.neofs.devenv:8080", sc.Endpoint())
 
+				require.NotNil(t, tls)
 				require.Equal(t, "/path/to/cert", tls.CertificateFile())
 				require.Equal(t, "/path/to/key", tls.KeyFile())
+				require.False(t, tls.UseInsecureCrypto())
 			case 1:
 				require.Equal(t, "s02.neofs.devenv:8080", sc.Endpoint())
-
 				require.Nil(t, tls)
+			case 2:
+				require.Equal(t, "s03.neofs.devenv:8080", sc.Endpoint())
+				require.NotNil(t, tls)
+				require.True(t, tls.UseInsecureCrypto())
 			}
 		})
 	}