From ad990954e22f54c1d747f148790b6ecc85746ac2 Mon Sep 17 00:00:00 2001
From: Nat Welch <natwelch@google.com>
Date: Fri, 16 Oct 2020 17:28:54 -0400
Subject: [PATCH] Set default to tls 1.2

---
 terraform/verification-lb.tf | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/terraform/verification-lb.tf b/terraform/verification-lb.tf
index e368d3fc7..99b409f9c 100644
--- a/terraform/verification-lb.tf
+++ b/terraform/verification-lb.tf
@@ -17,6 +17,12 @@ locals {
   enable_lb = length(local.all_hosts) > 0
 }
 
+resource "google_compute_ssl_policy" "one-two-ssl-policy" {
+  name            = "one-two-ssl-policy"
+  profile         = "MODERN"
+  min_tls_version = "TLS_1_2"
+}
+
 resource "google_compute_global_address" "verification-server" {
   count = local.enable_lb ? 1 : 0
 
@@ -122,6 +128,7 @@ resource "google_compute_target_https_proxy" "https" {
 
   url_map          = google_compute_url_map.urlmap-https[0].id
   ssl_certificates = [google_compute_managed_ssl_certificate.default[0].id]
+  ssl_policy       = google_compute_ssl_policy.one-two-ssl-policy
 }
 
 resource "google_compute_global_forwarding_rule" "http" {