From f28b8fce66ea127ddca6b10679cfd466438b5a3d Mon Sep 17 00:00:00 2001
From: Steven Allen
Date: Sun, 29 Mar 2020 18:58:54 -0700
Subject: [PATCH] feat: tls by default

Switches to TLS as the default security transports.
---
 core/node/groups.go | 2 +-
 core/node/libp2p/transport.go | 8 ++-----
 .../library-experimental-features/README.md | 2 --
 docs/experimental-features.md | 22 +++++--------------
 go.mod | 2 +-
 go.sum | 4 ++--
 6 files changed, 11 insertions(+), 29 deletions(-)
diff --git a/core/node/groups.go b/core/node/groups.go
index 5cd3a84b176..5b5c8476abe 100644
--- a/core/node/groups.go
+++ b/core/node/groups.go
@@ -102,7 +102,7 @@ func LibP2P(bcfg *BuildCfg, cfg *config.Config) fx.Option {
 fx.Invoke(libp2p.StartListening(cfg.Addresses.Swarm)),
 fx.Invoke(libp2p.SetupDiscovery(cfg.Discovery.MDNS.Enabled, cfg.Discovery.MDNS.Interval)),
- fx.Provide(libp2p.Security(!bcfg.DisableEncryptedConnections, cfg.Experimental.PreferTLS)),
+ fx.Provide(libp2p.Security(!bcfg.DisableEncryptedConnections)),
 fx.Provide(libp2p.Routing),
 fx.Provide(libp2p.BaseRouting),
diff --git a/core/node/libp2p/transport.go b/core/node/libp2p/transport.go
index 33465a18381..3994da5c521 100644
--- a/core/node/libp2p/transport.go
+++ b/core/node/libp2p/transport.go
@@ -11,7 +11,7 @@ import (
 var DefaultTransports = simpleOpt(libp2p.DefaultTransports)
 var QUIC = simpleOpt(libp2p.Transport(libp2pquic.NewTransport))
-func Security(enabled, preferTLS bool) interface{} {
+func Security(enabled bool) interface{} {
 if !enabled {
 return func() (opts Libp2pOpts) {
 // TODO: shouldn't this be Errorf to guarantee visibility?
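Review bot: The `fx.Provide(libp2p.Security(!bcfg.DisableEncryptedConnections))` line in core/node/groups.go stops reading `cfg.Experimental.PreferTLS` without leaving any trace for operators whose repo config still carries that key. Whether go-ipfs-config v0.4.0 still parses the field is not visible in this patch; if it does not, the setting is presumably dropped silently on load. A changelog entry plus a comment above the call, e.g. `// TLS is always preferred over secio; Experimental.PreferTLS is no longer consulted.`, would make the change in handshake preference explicit. LibP2P's body starts and ends outside the hunk.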
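Review bot: The exported `Security` in core/node/libp2p/transport.go changes its signature to `func Security(enabled bool) interface{}` with no doc comment, so nothing tells a caller what `enabled == false` produces, and any out-of-tree code that still passes two arguments stops compiling. Judging by `DisableEncryptedConnections` at the call site, the disabled branch runs the swarm without transport encryption, which is worth stating on the function itself: `// Security returns the libp2p security options: TLS then secio when enabled; when disabled, connections are presumably left unencrypted.` The context line `// TODO: shouldn't this be Errorf to guarantee visibility?` sits in that same branch and is still open; settling the log level for the unencrypted path belongs with this change. The function body continues outside the hunk.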
@@ -22,11 +22,7 @@ func Security(enabled, preferTLS bool) interface{} {
 }
 }
 return func() (opts Libp2pOpts) {
- if preferTLS {
- opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))
- } else {
- opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(secio.ID, secio.New), libp2p.Security(tls.ID, tls.New)))
- }
+ opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))
 return opts
 }
 }
diff --git a/docs/examples/library-experimental-features/README.md b/docs/examples/library-experimental-features/README.md
index 2f50d024d79..6387f3618a9 100644
--- a/docs/examples/library-experimental-features/README.md
+++ b/docs/examples/library-experimental-features/README.md
@@ -58,8 +58,6 @@ func createTempRepo(ctx context.Context) (string, error) {
 cfg.Experimental.P2pHttpProxy = true
 // https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#quic
 cfg.Experimental.QUIC = true
- // https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#tls-13-as-default-handshake-protocol
- cfg.Experimental.PreferTLS = true
 // https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#strategic-providing
 cfg.Experimental.StrategicProviding = true
diff --git a/docs/experimental-features.md b/docs/experimental-features.md
index 6055f813cc8..64aa3b7c071 100644
--- a/docs/experimental-features.md
+++ b/docs/experimental-features.md
@@ -632,7 +632,7 @@ For listening on a QUIC address, add it the swarm addresses, e.g. `/ip4/0.0.0.0/
 ### In Version
-0.4.19-dev
+0.4.19
 ### State
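Review bot: The single remaining `opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))` line in core/node/libp2p/transport.go fixes the order but still always offers secio, and `Security` now has no parameter through which an operator could run TLS-only. The order is a preference, not a guarantee: the protocol is settled in negotiation with the remote peer, so a peer that only offers secio (or, if that negotiation is not itself authenticated, something on the path) can still land the connection on secio. If secio is meant to be retired later, a config switch that drops it from the chain would allow that without another signature change. At minimum the line deserves a comment such as `// Order matters: TLS is preferred; secio is kept only as a fallback for peers that do not speak TLS.` The enclosing function starts outside the hunk.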
@@ -660,26 +660,14 @@ ipfs config --json Swarm.EnableAutoNATService true
 ## TLS 1.3 as default handshake protocol
-### State
-
-Every go-ipfs node (>=0.4.21) accepts secio and TLS 1.3 connections but prefers
-secio over TLS when dialing. To prefer TLS when dialing, you'll have to enable
-this feature.
-
-### How to enable
+### In Version
-Modify your ipfs config:
+0.5.0
-```
-ipfs config --json Experimental.PreferTLS true
-```
-
-### Road to being a real feature
+### State
-- [ ] needs testing
-- [ ] needs adoption
+Stable
----
 ## Strategic Providing
diff --git a/go.mod b/go.mod
index ae15a374c4c..532bcc865dd 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ require (
 github.com/ipfs/go-ipfs-blockstore v0.1.4
 github.com/ipfs/go-ipfs-chunker v0.0.5
 github.com/ipfs/go-ipfs-cmds v0.1.4
- github.com/ipfs/go-ipfs-config v0.3.0
+ github.com/ipfs/go-ipfs-config v0.4.0
 github.com/ipfs/go-ipfs-ds-help v0.1.1
 github.com/ipfs/go-ipfs-exchange-interface v0.0.1
 github.com/ipfs/go-ipfs-exchange-offline v0.0.1
diff --git a/go.sum b/go.sum
index ddb827ae85e..512a1c48877 100644
--- a/go.sum
+++ b/go.sum
@@ -246,8 +246,8 @@ github.com/ipfs/go-ipfs-chunker v0.0.5 h1:ojCf7HV/m+uS2vhUGWcogIIxiO5ubl5O57Q7Na github.com/ipfs/go-ipfs-chunker v0.0.5/go.mod h1:jhgdF8vxRHycr00k13FM8Y0E+6BoalYeobXmUyTreP8= github.com/ipfs/go-ipfs-cmds v0.1.4 h1:l5QAc1iaoMZeBd2vpanrHWs26haEBL4PVqgoHJNG2GE= github.com/ipfs/go-ipfs-cmds v0.1.4/go.mod h1:wm+C6M8FYDcWPU/EdWqMuHvdyWborFh+GuDl6Ov6sM0= -github.com/ipfs/go-ipfs-config v0.3.0 h1:fGs3JBqB9ia/Joi8up47uiKn150EOEqqVFwv8HZqXao= -github.com/ipfs/go-ipfs-config v0.3.0/go.mod h1:nSLCFtlaL+2rbl3F+9D4gQZQbT1LjRKx7TJg/IHz6oM= +github.com/ipfs/go-ipfs-config v0.4.0 h1:MOXdj8EYQG55v1y+5e1QcctDKPEGobdwnXaDVa0/cc0= +github.com/ipfs/go-ipfs-config v0.4.0/go.mod h1:nSLCFtlaL+2rbl3F+9D4gQZQbT1LjRKx7TJg/IHz6oM= github.com/ipfs/go-ipfs-delay v0.0.0-20181109222059-70721b86a9a8/go.mod h1:8SP1YXK1M1kXuc4KJZINY3TQQ03J2rwBG9QfXmbRPrw= github.com/ipfs/go-ipfs-delay v0.0.1 h1:r/UXYyRcddO6thwOnhiznIAiSvxMECGgtv35Xs1IeRQ= github.com/ipfs/go-ipfs-delay v0.0.1/go.mod h1:8SP1YXK1M1kXuc4KJZINY3TQQ03J2rwBG9QfXmbRPrw=