crypto/tls: change default minimum version to TLS 1.0.
SSLv3 (the old minimum) is still supported and can be enabled via the tls.Config, but this change increases the default minimum version to TLS 1.0. This is now common practice in light of the POODLE[1] attack against SSLv3's CBC padding format. [1] https://www.imperialviolet.org/2014/10/14/poodle.html Fixes #9364. Change-Id: Ibae6666ee038ceee0cb18c339c393155928c6510 Reviewed-on: https://go-review.googlesource.com/1791 Reviewed-by: Minux Ma <minux@golang.org>
This commit is contained in:
parent
18902d24a3
commit
0511e2597e
@ -30,7 +30,7 @@ const (
|
|||||||
recordHeaderLen = 5 // record header length
|
recordHeaderLen = 5 // record header length
|
||||||
maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB)
|
maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB)
|
||||||
|
|
||||||
minVersion = VersionSSL30
|
minVersion = VersionTLS10
|
||||||
maxVersion = VersionTLS12
|
maxVersion = VersionTLS12
|
||||||
)
|
)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user