diff --git a/forks/goarista/gnmi/client.go b/forks/goarista/gnmi/client.go
index f9ed05b53fcd4852b7f5fa4c61d40e25c3688532..fc041336eb078e224f739bbad9f93dd2767c10fb 100644
--- a/forks/goarista/gnmi/client.go
+++ b/forks/goarista/gnmi/client.go
@@ -117,7 +117,9 @@ func DialContext(ctx context.Context, cfg *Config) (pb.GNMIClient, error) {
 	}
 
 	if cfg.TLS || cfg.CAFile != "" || cfg.CertFile != "" || cfg.Token != "" {
-		tlsConfig := &tls.Config{}
+		tlsConfig := &tls.Config{
+			MinVersion:                  tls.VersionTLS12,
+		}
 		if cfg.CAFile != "" {
 			b, err := ioutil.ReadFile(cfg.CAFile)
 			if err != nil {
diff --git a/nucleus/util/proto/message.go b/nucleus/util/proto/message.go
index 673be2f9df590416dac904c518d0058a5d31ad40..816c728e1948967130fe82aa9397ea798fb2da44 100644
--- a/nucleus/util/proto/message.go
+++ b/nucleus/util/proto/message.go
@@ -17,7 +17,7 @@ func Write(message proto.Message, filename string) error {
 		return fmt.Errorf("cannot marshal proto message to binary: %w", err)
 	}
 
-	err = ioutil.WriteFile(filename, data, 0644)
+	err = ioutil.WriteFile(filename, data, 0600)
 	if err != nil {
 		return fmt.Errorf("cannot write binary data to file: %w", err)
 	}