From 1133e53dfeb7a408156b77c34ec289510efed691 Mon Sep 17 00:00:00 2001
From: Marten Seemann
Date: Thu, 18 Apr 2019 09:17:20 +0900
Subject: [PATCH] add an experiment to prefer TLS 1.3 over secio

License: MIT
Signed-off-by: Marten Seemann
---
 core/node/libp2p.go | 6 +++++-
 docs/experimental-features.md | 19 +++++++++++++++++++
 go.mod | 2 ++
 go.sum | 2 ++
 4 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/core/node/libp2p.go b/core/node/libp2p.go
index a4feb6cd3528..ee29dd8350c6 100644
--- a/core/node/libp2p.go
+++ b/core/node/libp2p.go
@@ -362,7 +362,11 @@ func P2PSecurity(enabled bool) interface{} {
 }
 }
 return func(cfg *config.Config) (opts Libp2pOpts) {
- opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(secio.ID, secio.New), libp2p.Security(tls.ID, tls.New)))
+ if cfg.Experimental.PreferTLS {
+ opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))
+ } else {
+ opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(secio.ID, secio.New), libp2p.Security(tls.ID, tls.New)))
+ }
 return opts
 }
 }
diff --git a/docs/experimental-features.md b/docs/experimental-features.md
index 192cd61d82f7..2bedaafb17f9 100644
--- a/docs/experimental-features.md
+++ b/docs/experimental-features.md
@@ -683,3 +683,22 @@ ipfs config --json Swarm.EnableAutoNATService true
 ### Road to being a real feature
 
 - [ ] needs testing
+
+
+## TLS 1.3 as default handshake protocol
+
+### State
+
+Every node accepts secio and TLS 1.3 connections, but prefers secio over TLS when dialing.
+
+### How to enable
+
+Modify your ipfs config:
+
+```
+ipfs config --json Experimental.PreferTLS true
+```
+
+### Road to being a real feature
+
+- [ ] needs testing
diff --git a/go.mod b/go.mod
index 9e5222421852..9eb5a7782761 100644
--- a/go.mod
+++ b/go.mod
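Review bot: In the new `if cfg.Experimental.PreferTLS` branch of core/node/libp2p.go both transports are still registered, so the flag changes only the order in which they are offered and does not guarantee that a connection ends up on TLS 1.3. If, as seems likely, the security protocol is chosen in a negotiation step that runs before either handshake and is not itself authenticated, a peer or an on-path party could still steer the connection to secio; that limit deserves a comment next to the branch, for example `// PreferTLS only reorders the offered transports; secio stays enabled and may still be negotiated.` The two `append` calls also differ only in argument order, so the ordered pair could be selected once and appended once. `P2PSecurity` begins above the hunk, so how the `enabled` argument is handled is not visible here.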
@@ -124,3 +124,5 @@ require (
 )
 
 go 1.12
+
+replace github.com/ipfs/go-ipfs-config => github.com/marten-seemann/go-ipfs-config v0.2.5-0.20190418001109-c95be0eacc9f
diff --git a/go.sum b/go.sum
index ebcae5c1445d..2549b023124e 100644
--- a/go.sum
+++ b/go.sum
@@ -407,6 +407,8 @@ github.com/lucas-clemente/quic-go v0.11.1 h1:zasajC848Dqq/+WqfqBCkmPw+YHNe1MBts/
 github.com/lucas-clemente/quic-go v0.11.1/go.mod h1:PpMmPfPKO9nKJ/psF49ESTAGQSdfXxlg1otPbEB2nOw=
 github.com/lucas-clemente/quic-go-certificates v0.0.0-20160823095156-d2f86524cced h1:zqEC1GJZFbGZA0tRyNZqRjep92K5fujFtFsu5ZW7Aug=
 github.com/lucas-clemente/quic-go-certificates v0.0.0-20160823095156-d2f86524cced/go.mod h1:NCcRLrOTZbzhZvixZLlERbJtDtYsmMw8Jc4vS8Z0g58=
+github.com/marten-seemann/go-ipfs-config v0.2.5-0.20190418001109-c95be0eacc9f h1:BxUuY6c04BdToewKgS6w5ihKC8s4tw1nN9tlqZecxlw=
+github.com/marten-seemann/go-ipfs-config v0.2.5-0.20190418001109-c95be0eacc9f/go.mod h1:KDbHjNyg4e6LLQSQpkgQMBz6Jf4LXiWAcmnkcwmH0DU=
 github.com/marten-seemann/qtls v0.2.3 h1:0yWJ43C62LsZt08vuQJDK1uC1czUc3FJeCLPoNAI4vA=
 github.com/marten-seemann/qtls v0.2.3/go.mod h1:xzjG7avBwGGbdZ8dTGxlBnLArsVKLvwmjgmPuiQEcYk=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
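Review bot: The `replace` directive added at the end of go.mod makes this module build `github.com/ipfs/go-ipfs-config` from a personal fork at an untagged pseudo-version, so the config schema the node parses would come from a repository outside the project's own namespace. The go.sum entries pin the fork's content at that revision, but the directive carries no comment saying why it exists or when it goes away. The `PreferTLS` field presumably has to land in the upstream config module first, after which the `require` entry can be bumped and the replace dropped. If the replace must stay for the experiment, mark it, e.g. `// TODO: remove once Experimental.PreferTLS is released in github.com/ipfs/go-ipfs-config`.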