Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: don't require Config to set MinVersion = TLS13 when using QUIC #63722

Open
marten-seemann opened this issue Oct 25, 2023 · 2 comments
Open

crypto/tls: don't require Config to set MinVersion = TLS13 when using QUIC #63722

marten-seemann opened this issue Oct 25, 2023 · 2 comments
Labels
NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Unplanned

Comments

@marten-seemann
Copy link
Contributor

What version of Go are you using (go version)?

$ go version
go version go1.21.0 darwin/arm64

Does this issue reproduce with the latest release?

Yes

What did you do?

Using QUIC currently requires passing in a tls.Config that defines TLS 1.3 as its minimum TLS version. This makes it difficult to run a TLS/TCP and QUIC service using the same tls.Config, since the TLS/TCP service potentially doesn't want to limit the available TLS versions to TLS 1.3.

The workaround applied by quic-go at the moment is cloning the config and setting TLS 1.3, but this has various downsides, as described by @dneil in #63691.

What did you expect to see?

crypto/tls knows when a Config is used for QUIC. Instead of requiring MinVersion to be set explicitly, it should treat any config as if this field was set to TLS 1.3.
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/537575 mentions this issue: crypto/tls: don't require Config.Minversion to be set when using QUIC

@marten-seemann marten-seemann mentioned this issue Oct 25, 2023
Closed
@neild
Copy link
Contributor

neild commented Oct 25, 2023

This seems reasonable to me. There isn't any benefit I can see to forcing the user to set MinVersion, and implicitly upping it it to 1.3 for QUIC connections lets the same Config be reused for QUIC and non-QUIC cases.

@dr2chase dr2chase added the NeedsFix The path to resolution is known, but the work has not been done. label Oct 25, 2023
@dr2chase dr2chase mentioned this issue Oct 25, 2023
Closed
@marten-seemann marten-seemann mentioned this issue Oct 27, 2023
Closed
@gabyhelp gabyhelp mentioned this issue Jun 22, 2024
Closed
@seankhliao seankhliao added this to the Unplanned milestone Jul 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Unplanned
Development

No branches or pull requests
5 participants
@neild @marten-seemann @dr2chase @gopherbot @seankhliao