Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssl3.0 and TLS 1.3 #193

Closed
tegk opened this issue Nov 7, 2019 · 3 comments
Closed

ssl3.0 and TLS 1.3 #193

tegk opened this issue Nov 7, 2019 · 3 comments

Comments

@tegk
Copy link
Contributor

tegk commented Nov 7, 2019
edited
Loading

Is it correct to assume that we do not support TLS 1.3 at the moment but do support ssl3.0?

config.go:127:1

// https://golang.org/pkg/crypto/tls/#pkg-constants
var TLSProtocols = map[string]uint16{
	"ssl3.0": tls.VersionSSL30,
	"tls1.0": tls.VersionTLS10,
	"tls1.1": tls.VersionTLS11,
	"tls1.2": tls.VersionTLS12,
}

Shall we remove ssl3.0 as it will be deprecated in Go 1.14 and is not secure?
We also have to add TLS 1.3 :-)
@flashmob
Copy link
Owner

Yes, time to add TLS 1.3

To do:

  • remove SSL 3 from example config, also remove TLS_FALLBACK_SCSV form cipher suite list.

  • add TLS 1.3 support, and any new cipher options

  • Remove SSL 3 entirely, when built with Go 1.14 and higher.

@flashmob flashmob added the todo label Nov 27, 2019
@flashmob
Copy link
Owner

Hmm, there's no easy way to "Remove SSL 3 entirely, when built with Go 1.14 and higher."
Therefore, will leave it in for now & deprecate it, remove once it's actually removed from Go.

btw, TLS 1.3 adds some new ciphersuites, but these can't be configured. Assuming that they can be used with older TLS versions

@flashmob
Copy link
Owner

Actually, may be able to just use the // +build !go1.14 build tag to "Remove SSL 3 entirely, when built with Go 1.14 and higher." afterall :-)

Another issue is that it seems like Travis CI broke for Go 1.10 and 1.9, will remove these from the tests.

flashmob added a commit that referenced this issue Dec 28, 2019
@flashmob
issue #193 - added TLS 1.3 support for Go 1.13 or higher.
c2264ca 
- adds TLS 1.3 and new cipher-suites as config options
- remove SSLv3 and the TLS_FALLBACK_SCSV ciphersuite from the sample configuration
- removes SSLv3 and the TLS_FALLBACK_SCSV ciphersuite when building with Go 1.14 or above
- remove Go 1.10 and Go 1.9 from Travis CI tests, add Go 1.13
flashmob added a commit that referenced this issue Dec 28, 2019
@flashmob
issue #193 - added TLS 1.3 support for Go 1.13 or higher. (#203)
de9b608 
- adds TLS 1.3 and new cipher-suites as config options
- remove SSLv3 and the TLS_FALLBACK_SCSV ciphersuite from the sample configuration
- removes SSLv3 and the TLS_FALLBACK_SCSV ciphersuite when building with Go 1.14 or above
- remove Go 1.10 and Go 1.9 from Travis CI tests, add Go 1.13
@flashmob flashmob removed the todo label Dec 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@flashmob @tegk