Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: package says it implements TLS 1.1, but actually implements SSL 3.0 and TLS 1.0, but not 1.1 #3216

Closed
gopherbot opened this issue Mar 6, 2012 · 2 comments
Closed

crypto/tls: package says it implements TLS 1.1, but actually implements SSL 3.0 and TLS 1.0, but not 1.1 #3216

gopherbot opened this issue Mar 6, 2012 · 2 comments
Labels
FrozenDueToAge
Milestone
Go1

Comments

@gopherbot
Copy link

by ppelleti@speakeasy.net:

The documentation for the TLS package:

http://golang.org/pkg/crypto/tls/

and the comment at the top of tls.go:

https://github.com/tav/go/blob/master/src/pkg/crypto/tls/tls.go

both say:

"Package tls partially implements the TLS 1.1 protocol, as specified in RFC
4346."

However, from looking at the code, it appears it implements SSL 3.0 and TLS 1.0 for
servers, and only implements TLS 1.0 for clients.  It does not appear to implement TLS
1.1.

Specifically, in common.go, it says:

    minVersion = versionSSL30
    maxVersion = versionTLS10

It appears that this min and max are used by the server, via the mutualVersion function.
 The client has the additional constraint that the version be at least TLS 1.0, and
since the max is also TLS 1.0, the client only supports TLS 1.0.

It would be nice if TLS 1.1 (and even 1.2) was supported, but until then, the
documentation should accurately reflect the versions currently supported.  Also, it
would be nice to expand upon what is meant by "partially implements".  Are
there known ways in which the implementation does not conform to the SSL 3.0 and TLS 1.0
specifications?  Are there known interoperability problems with other TLS
implementations?
@rsc
Copy link
Contributor

rsc commented Mar 6, 2012

Comment 1:

Adam, if you can tell me what the comment should say, I'm happy to fix it.

Labels changed: added priority-go1, removed priority-triage.

Owner changed to @agl.

Status changed to Accepted.

@agl
Copy link
Contributor

agl commented Mar 6, 2012

Comment 2:

This issue was closed by revision 4f25e4b.

Status changed to Fixed.

@mikioh mikioh changed the title tls package says it implements TLS 1.1, but actually implements SSL 3.0 and TLS 1.0, but not 1.1 crypto/tls: package says it implements TLS 1.1, but actually implements SSL 3.0 and TLS 1.0, but not 1.1 Jan 14, 2015
@rsc rsc added this to the Go1 milestone Apr 10, 2015
@rsc rsc removed the priority-go1 label Apr 10, 2015
@golang golang locked and limited conversation to collaborators Jun 24, 2016
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
@agl
crypto/tls: make the package description more accurate and less aspir…
4c6dfb2 
…ational.

Fixes golang#3216.

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/5755056
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Go1
Development

No branches or pull requests
3 participants
@agl @rsc @gopherbot