mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-05 04:57:35 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: enable TLS 1.3 by default

Browse source 
Updates #30055

Change-Id: I3e79dd7592673c5d76568b0bcded6c391c3be6b3
Reviewed-on: https://go-review.googlesource.com/c/163081
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
Filippo Valsorda 2019-02-20 13:50:08 -05:00
parent 2e9a42ccc2
commit 5d20f2d294
3 changed files with 6 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

8
common.go
View file

@ -776,7 +776,7 @@ func (c *Config) supportedVersions(isClient bool) []uint16 {
if isClient && v < VersionTLS10 { if isClient && v < VersionTLS10 {
continue continue
} }
// TLS 1.3 is opt-in in Go 1.12. // TLS 1.3 is opt-out in Go 1.13.
if v == VersionTLS13 && !isTLS13Supported() { if v == VersionTLS13 && !isTLS13Supported() {
continue continue
} }
@ -791,11 +791,11 @@ var tls13Support struct {
cached bool cached bool
} }
// isTLS13Supported returns whether the program opted into TLS 1.3 via // isTLS13Supported returns whether the program enabled TLS 1.3 by not opting
// GODEBUG=tls13=1. It's cached after the first execution. // out with GODEBUG=tls13=0. It's cached after the first execution.
func isTLS13Supported() bool { func isTLS13Supported() bool {
tls13Support.Do(func() { tls13Support.Do(func() {
tls13Support.cached = goDebugString("tls13") == "1" tls13Support.cached = goDebugString("tls13") != "0"
}) })
return tls13Support.cached return tls13Support.cached
} }

9
tls.go
View file

@ -5,14 +5,9 @@
// Package tls partially implements TLS 1.2, as specified in RFC 5246, // Package tls partially implements TLS 1.2, as specified in RFC 5246,
// and TLS 1.3, as specified in RFC 8446. // and TLS 1.3, as specified in RFC 8446.
// //
// TLS 1.3 is available only on an opt-in basis in Go 1.12. To enable // TLS 1.3 is available on an opt-out basis in Go 1.13. To disable
// it, set the GODEBUG environment variable (comma-separated key=value // it, set the GODEBUG environment variable (comma-separated key=value
// options) such that it includes "tls13=1". To enable it from within // options) such that it includes "tls13=0".
// the process, set the environment variable before any use of TLS:
//
// func init() {
// os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
// }
package tls package tls
// BUG(agl): The crypto/tls package only implements some countermeasures // BUG(agl): The crypto/tls package only implements some countermeasures

7
tls_test.go
View file

@ -23,13 +23,6 @@ import (
"time" "time"
) )
func init() {
// TLS 1.3 is opt-in for Go 1.12, but we want to run most tests with it enabled.
// TestTLS13Switch below tests the disabled behavior. See Issue 30055.
tls13Support.Do(func() {}) // defuse the sync.Once
tls13Support.cached = true
}
var rsaCertPEM = `-----BEGIN CERTIFICATE----- var rsaCertPEM = `-----BEGIN CERTIFICATE-----
MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX