crypto/tls: change default minimum version to 1.2

Updates the default from 1.0 -> 1.2 for servers, bringing it in line with clients. Add a GODEBUG setting, tls10server, which lets users revert this change. Fixes #62459 Change-Id: I2b82f85b1c2d527df1f9afefae4ab30a8f0ceb41 Reviewed-on: https://go-review.googlesource.com/c/go/+/541516 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
2025-04-03 20:17:36 +03:00 · 2023-11-10 10:12:48 -08:00 · 2023-11-10 10:12:48 -08:00 · 3dc2410818
commit 3dc2410818
parent 59d4a9c7c4
3 changed files with 27 additions and 20 deletions
--- a/tls_test.go
+++ b/tls_test.go
@ -1365,6 +1365,7 @@ func TestClientHelloInfo_SupportsCertificate(t *testing.T) {
 			SupportedPoints:   []uint8{pointFormatUncompressed},
 			SignatureSchemes:  []SignatureScheme{Ed25519},
 			SupportedVersions: []uint16{VersionTLS10},
+			config:            &Config{MinVersion: VersionTLS10},
 		}, "doesn't support Ed25519"},
 		{ed25519Cert, &ClientHelloInfo{
 			CipherSuites:      []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
@ -1379,6 +1380,7 @@ func TestClientHelloInfo_SupportsCertificate(t *testing.T) {
 			SupportedCurves:   []CurveID{CurveP256}, // only relevant for ECDHE support
 			SupportedPoints:   []uint8{pointFormatUncompressed},
 			SupportedVersions: []uint16{VersionTLS10},
+			config:            &Config{MinVersion: VersionTLS10},
 		}, ""},
 		{rsaCert, &ClientHelloInfo{
 			CipherSuites:      []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},