Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

*: use TLS.Config.MaxVersion to TLS 1.2

Browse Source 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
This commit is contained in:
Gyuho Lee 2019-09-06 11:38:03 -07:00
parent 42ad719155
commit a3f7202c5f
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
integration/v3_tls_test.go
View File

@ -56,9 +56,6 @@ func testTLSCipherSuites(t *testing.T, valid bool) {
if err != nil {
t.Fatal(err)
}
// go1.13 enables TLS13 by default, and in TLS13, cipher suites are not configurable
// setting Max TLS version to TLS12 for go1.13
cc.MaxVersion = tls.VersionTLS12
cli, cerr := clientv3.New(clientv3.Config{
Endpoints: []string{clus.Members[0].GRPCAddr()},
DialTimeout: time.Second,

10
pkg/transport/listener.go
View File

@ -377,6 +377,11 @@ func (info TLSInfo) ServerConfig() (*tls.Config, error) {
// "h2" NextProtos is necessary for enabling HTTP2 for go's HTTP server
cfg.NextProtos = []string{"h2"}
// go1.13 enables TLS 1.3 by default
// and in TLS 1.3, cipher suites are not configurable
// setting Max TLS version to TLS 1.2 for go 1.13
cfg.MaxVersion = tls.VersionTLS12
return cfg, nil
}
@ -428,6 +433,11 @@ func (info TLSInfo) ClientConfig() (*tls.Config, error) {
}
}
// go1.13 enables TLS 1.3 by default
// and in TLS 1.3, cipher suites are not configurable
// setting Max TLS version to TLS 1.2 for go 1.13
cfg.MaxVersion = tls.VersionTLS12
return cfg, nil
}