crypto/tls: don't require Config to set MinVersion = TLS13 when using QUIC #63722
Labels
NeedsFix
The path to resolution is known, but the work has not been done.
Comments
|
Change https://go.dev/cl/537575 mentions this issue: |
|
This seems reasonable to me. There isn't any benefit I can see to forcing the user to set MinVersion, and implicitly upping it it to 1.3 for QUIC connections lets the same Config be reused for QUIC and non-QUIC cases. |
dr2chase
added
the
NeedsFix
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What version of Go are you using (
go version)?Does this issue reproduce with the latest release?
Yes
What did you do?
Using QUIC currently requires passing in a
tls.Configthat defines TLS 1.3 as its minimum TLS version. This makes it difficult to run a TLS/TCP and QUIC service using the sametls.Config, since the TLS/TCP service potentially doesn't want to limit the available TLS versions to TLS 1.3.The workaround applied by quic-go at the moment is cloning the config and setting TLS 1.3, but this has various downsides, as described by @dneil in #63691.
What did you expect to see?
crypto/tls knows when a
Configis used for QUIC. Instead of requiringMinVersionto be set explicitly, it should treat any config as if this field was set to TLS 1.3.The text was updated successfully, but these errors were encountered: