From 1479a9344f718bcfe642950a7711216c86bcb619 Mon Sep 17 00:00:00 2001
From: michel-laterman
Date: Wed, 4 Dec 2024 12:36:43 -0800
Subject: [PATCH] Introduce tlscommon.SetInsecureDefaults

---
 transport/tlscommon/versions_default.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/transport/tlscommon/versions_default.go b/transport/tlscommon/versions_default.go
index 7ea64a7b..c28fc4a3 100644
--- a/transport/tlscommon/versions_default.go
+++ b/transport/tlscommon/versions_default.go
@@ -29,7 +29,9 @@ const (
 	TLSVersion11 TLSVersion = tls.VersionTLS11
 	TLSVersion12 TLSVersion = tls.VersionTLS12
 	TLSVersion13 TLSVersion = tls.VersionTLS13
+)
+var (
 	// TLSVersionMin is the min TLS version supported.
 	TLSVersionMin = TLSVersion10
@@ -60,6 +62,20 @@ var tlsProtocolVersions = map[string]TLSVersion{
 	"TLSv1.3": TLSVersion13,
 }
+// SetInsecureDefaults is currently a nop as the default versions have not changed.
+//
+// This function is used to avoid a breaking change on previous releases.
+// We plan on the default minimum versions list to exclude TLS1.1, and not allow TLS1.0 in a future library update.
+func SetInsecureDefaults() {
+	TLSVersionMin = TLSVersion10
+	TLSVersionDefaultMin = TLSVersion11
+	TLSDefaultVersions = []TLSVersion{
+		TLSVersion11,
+		TLSVersion12,
+		TLSVersion13,
+	}
+}
+
 // Intended for ECS's tls.version_protocol_field, which does not include
 // numeric version and should be lower case
 type TLSVersionDetails struct {
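Review bot: The doc comment on SetInsecureDefaults describes it as a nop, but the body unconditionally rewrites TLSVersionMin, TLSVersionDefaultMin and TLSDefaultVersions, so the comment becomes wrong the moment the defaults change and it tells callers nothing about what they are opting into. The first hunk turns those identifiers from constants into package-level vars, so this function mutates shared state with no synchronization, and a call made after TLS configs have been built or concurrently with readers yields a racy, partially applied change. I would replace the first comment line with `// SetInsecureDefaults pins the package defaults to the legacy floor: TLSVersionMin to TLS 1.0, TLSVersionDefaultMin to TLS 1.1 and TLSDefaultVersions to TLS 1.1 through 1.3, re-enabling protocol versions that are deprecated for known weaknesses.` and add `// It must be called once during program initialization, before any TLS configuration is built, and is not safe to call concurrently with readers of these variables.` The var block opened in the first hunk is closed outside it, and gofmt will leave the `)` and `var (` lines adjacent, so a blank line between them would help readability.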