1
0
mirror of https://github.com/golang/go synced 2024-11-23 20:20:01 -07:00

crypto/tls: enable TLS 1.3 by default

Updates #30055

Change-Id: I3e79dd7592673c5d76568b0bcded6c391c3be6b3
Reviewed-on: https://go-review.googlesource.com/c/163081
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
Filippo Valsorda 2019-02-20 13:50:08 -05:00
parent 8834353072
commit 5a1c7b5841
3 changed files with 6 additions and 18 deletions

View File

@ -776,7 +776,7 @@ func (c *Config) supportedVersions(isClient bool) []uint16 {
if isClient && v < VersionTLS10 {
continue
}
// TLS 1.3 is opt-in in Go 1.12.
// TLS 1.3 is opt-out in Go 1.13.
if v == VersionTLS13 && !isTLS13Supported() {
continue
}
@ -791,11 +791,11 @@ var tls13Support struct {
cached bool
}
// isTLS13Supported returns whether the program opted into TLS 1.3 via
// GODEBUG=tls13=1. It's cached after the first execution.
// isTLS13Supported returns whether the program enabled TLS 1.3 by not opting
// out with GODEBUG=tls13=0. It's cached after the first execution.
func isTLS13Supported() bool {
tls13Support.Do(func() {
tls13Support.cached = goDebugString("tls13") == "1"
tls13Support.cached = goDebugString("tls13") != "0"
})
return tls13Support.cached
}

View File

@ -5,14 +5,9 @@
// Package tls partially implements TLS 1.2, as specified in RFC 5246,
// and TLS 1.3, as specified in RFC 8446.
//
// TLS 1.3 is available only on an opt-in basis in Go 1.12. To enable
// TLS 1.3 is available on an opt-out basis in Go 1.13. To disable
// it, set the GODEBUG environment variable (comma-separated key=value
// options) such that it includes "tls13=1". To enable it from within
// the process, set the environment variable before any use of TLS:
//
// func init() {
// os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
// }
// options) such that it includes "tls13=0".
package tls
// BUG(agl): The crypto/tls package only implements some countermeasures

View File

@ -23,13 +23,6 @@ import (
"time"
)
func init() {
// TLS 1.3 is opt-in for Go 1.12, but we want to run most tests with it enabled.
// TestTLS13Switch below tests the disabled behavior. See Issue 30055.
tls13Support.Do(func() {}) // defuse the sync.Once
tls13Support.cached = true
}
var rsaCertPEM = `-----BEGIN CERTIFICATE-----
MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX