You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The documentation for the TLS package:
http://golang.org/pkg/crypto/tls/
and the comment at the top of tls.go:
https://github.com/tav/go/blob/master/src/pkg/crypto/tls/tls.go
both say:
"Package tls partially implements the TLS 1.1 protocol, as specified in RFC
4346."
However, from looking at the code, it appears it implements SSL 3.0 and TLS 1.0 for
servers, and only implements TLS 1.0 for clients. It does not appear to implement TLS
1.1.
Specifically, in common.go, it says:
minVersion = versionSSL30
maxVersion = versionTLS10
It appears that this min and max are used by the server, via the mutualVersion function.
The client has the additional constraint that the version be at least TLS 1.0, and
since the max is also TLS 1.0, the client only supports TLS 1.0.
It would be nice if TLS 1.1 (and even 1.2) was supported, but until then, the
documentation should accurately reflect the versions currently supported. Also, it
would be nice to expand upon what is meant by "partially implements". Are
there known ways in which the implementation does not conform to the SSL 3.0 and TLS 1.0
specifications? Are there known interoperability problems with other TLS
implementations?
The text was updated successfully, but these errors were encountered:
mikioh
changed the title
tls package says it implements TLS 1.1, but actually implements SSL 3.0 and TLS 1.0, but not 1.1
crypto/tls: package says it implements TLS 1.1, but actually implements SSL 3.0 and TLS 1.0, but not 1.1
Jan 14, 2015
by ppelleti@speakeasy.net:
The text was updated successfully, but these errors were encountered: