add an experiment to prefer TLS 1.3 over secio

License: MIT Signed-off-by: Marten Seemann <[email protected]>
ipfs · Apr 18, 2019 · 1133e53 · 1133e53
1 parent ed3729d
commit 1133e53
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 1 deletion.
diff --git a/core/node/libp2p.go b/core/node/libp2p.go
@@ -362,7 +362,11 @@ func P2PSecurity(enabled bool) interface{} {
 		}
 	}
 	return func(cfg *config.Config) (opts Libp2pOpts) {
-		opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(secio.ID, secio.New), libp2p.Security(tls.ID, tls.New)))
+		if cfg.Experimental.PreferTLS {
+			opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))
+		} else {
+			opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(secio.ID, secio.New), libp2p.Security(tls.ID, tls.New)))
+		}
 		return opts
 	}
 }

diff --git a/docs/experimental-features.md b/docs/experimental-features.md
@@ -683,3 +683,22 @@ ipfs config --json Swarm.EnableAutoNATService true
 ### Road to being a real feature
 
 - [ ] needs testing
+
+
+## TLS 1.3 as default handshake protocol
+
+### State
+
+Every node accepts secio and TLS 1.3 connections, but prefers secio over TLS when dialing.
+
+### How to enable
+
+Modify your ipfs config:
+
+```
+ipfs config --json Experimental.PreferTLS true
+```
+
+### Road to being a real feature
+
+- [ ] needs testing
diff --git a/go.mod b/go.mod
@@ -124,3 +124,5 @@ require (
 )
 
 go 1.12
+
+replace github.com/ipfs/go-ipfs-config => github.com/marten-seemann/go-ipfs-config v0.2.5-0.20190418001109-c95be0eacc9f
diff --git a/go.sum b/go.sum
@@ -407,6 +407,8 @@ github.com/lucas-clemente/quic-go v0.11.1 h1:zasajC848Dqq/+WqfqBCkmPw+YHNe1MBts/
 github.com/lucas-clemente/quic-go v0.11.1/go.mod h1:PpMmPfPKO9nKJ/psF49ESTAGQSdfXxlg1otPbEB2nOw=
 github.com/lucas-clemente/quic-go-certificates v0.0.0-20160823095156-d2f86524cced h1:zqEC1GJZFbGZA0tRyNZqRjep92K5fujFtFsu5ZW7Aug=
 github.com/lucas-clemente/quic-go-certificates v0.0.0-20160823095156-d2f86524cced/go.mod h1:NCcRLrOTZbzhZvixZLlERbJtDtYsmMw8Jc4vS8Z0g58=
+github.com/marten-seemann/go-ipfs-config v0.2.5-0.20190418001109-c95be0eacc9f h1:BxUuY6c04BdToewKgS6w5ihKC8s4tw1nN9tlqZecxlw=
+github.com/marten-seemann/go-ipfs-config v0.2.5-0.20190418001109-c95be0eacc9f/go.mod h1:KDbHjNyg4e6LLQSQpkgQMBz6Jf4LXiWAcmnkcwmH0DU=
 github.com/marten-seemann/qtls v0.2.3 h1:0yWJ43C62LsZt08vuQJDK1uC1czUc3FJeCLPoNAI4vA=
 github.com/marten-seemann/qtls v0.2.3/go.mod h1:xzjG7avBwGGbdZ8dTGxlBnLArsVKLvwmjgmPuiQEcYk=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
Original file line number	Diff line number	Diff line change
Expand Up		@@ -124,3 +124,5 @@ require (
		)

		go 1.12

		replace github.com/ipfs/go-ipfs-config => github.com/marten-seemann/go-ipfs-config v0.2.5-0.20190418001109-c95be0eacc9f