From df484bfa9e9ff3f34e09869a289d1568f2ee4e90 Mon Sep 17 00:00:00 2001
From: Lars Lehtonen
Date: Tue, 19 Nov 2019 02:41:25 -0800
Subject: [PATCH] cmd/tlsconfig: remove support for deprecated tls.VersionSSL30 (#412)
* cmd/tlsconfig: build tags to deprecate tls.VersionSSL30 from go1.14
* cmd/tlsconfig: build tags to turn off TLSv1.3 in go1.11
---
cmd/tlsconfig/tls_version_go11.go | 31 ++++++++++++++++++++++++
cmd/tlsconfig/tls_version_go12_go13.go | 33 ++++++++++++++++++++++++++
cmd/tlsconfig/tls_version_go14.go | 29 ++++++++++++++++++++++
cmd/tlsconfig/tlsconfig.go | 24 -------------------
4 files changed, 93 insertions(+), 24 deletions(-)
create mode 100644 cmd/tlsconfig/tls_version_go11.go
create mode 100644 cmd/tlsconfig/tls_version_go12_go13.go
create mode 100644 cmd/tlsconfig/tls_version_go14.go
diff --git a/cmd/tlsconfig/tls_version_go11.go b/cmd/tlsconfig/tls_version_go11.go
new file mode 100644
index 0000000..b54b996
--- /dev/null
+++ b/cmd/tlsconfig/tls_version_go11.go
@@ -0,0 +1,31 @@
+// +build !go1.12
+
+// This file can be removed once go1.11 is no longer supported
+
+package main
+
+import (
+ "crypto/tls"
+ "sort"
+)
+
+func mapTLSVersions(tlsVersions []string) []int {
+ var versions []int
+ for _, tlsVersion := range tlsVersions {
+ switch tlsVersion {
+ case "TLSv1.2":
+ versions = append(versions, tls.VersionTLS12)
+ case "TLSv1.1":
+ versions = append(versions, tls.VersionTLS11)
+ case "TLSv1":
+ versions = append(versions, tls.VersionTLS10)
+ case "SSLv3":
+ // unsupported from go1.14
+ versions = append(versions, tls.VersionSSL30)
+ default:
+ continue
+ }
+ }
+ sort.Ints(versions)
+ return versions
+}
diff --git a/cmd/tlsconfig/tls_version_go12_go13.go b/cmd/tlsconfig/tls_version_go12_go13.go
new file mode 100644
index 0000000..ae29178
--- /dev/null
+++ b/cmd/tlsconfig/tls_version_go12_go13.go
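Review bot: The `default: continue` arm of the switch in `mapTLSVersions` drops any name it does not recognise without a trace, and after this split the set of recognised names depends on the toolchain: `"SSLv3"` still maps to `tls.VersionSSL30` here and in `tls_version_go12_go13.go`, but falls into `default` in `tls_version_go14.go`. The callers are outside this diff, but if they take the lowest returned value as the protocol floor, the same input yields a different minimum version depending on which Go release built the tool. SSLv3 is cryptographically broken, so it would be safer to drop the `case "SSLv3":` arm from both older files as well and to report what was skipped, e.g. `log.Printf("ignoring unsupported TLS version %q", tlsVersion)` in the default arm (this needs `"log"` in each file's import block). The three copies would then differ only in the `"TLSv1.3"` arm.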
@@ -0,0 +1,33 @@
+// +build go1.12,!go1.14
+
+// This file can be removed once go1.13 is no longer supported
+
+package main
+
+import (
+ "crypto/tls"
+ "sort"
+)
+
+func mapTLSVersions(tlsVersions []string) []int {
+ var versions []int
+ for _, tlsVersion := range tlsVersions {
+ switch tlsVersion {
+ case "TLSv1.3":
+ versions = append(versions, tls.VersionTLS13)
+ case "TLSv1.2":
+ versions = append(versions, tls.VersionTLS12)
+ case "TLSv1.1":
+ versions = append(versions, tls.VersionTLS11)
+ case "TLSv1":
+ versions = append(versions, tls.VersionTLS10)
+ case "SSLv3":
+ // unsupported from go1.14
+ versions = append(versions, tls.VersionSSL30)
+ default:
+ continue
+ }
+ }
+ sort.Ints(versions)
+ return versions
+}
diff --git a/cmd/tlsconfig/tls_version_go14.go b/cmd/tlsconfig/tls_version_go14.go
new file mode 100644
index 0000000..a5c907c
--- /dev/null
+++ b/cmd/tlsconfig/tls_version_go14.go
@@ -0,0 +1,29 @@
+// +build go1.14 !go1.11
+
+// main
+package main
+
+import (
+ "crypto/tls"
+ "sort"
+)
+
+func mapTLSVersions(tlsVersions []string) []int {
+ var versions []int
+ for _, tlsVersion := range tlsVersions {
+ switch tlsVersion {
+ case "TLSv1.3":
+ versions = append(versions, tls.VersionTLS13)
+ case "TLSv1.2":
+ versions = append(versions, tls.VersionTLS12)
+ case "TLSv1.1":
+ versions = append(versions, tls.VersionTLS11)
+ case "TLSv1":
+ versions = append(versions, tls.VersionTLS10)
+ default:
+ continue
+ }
+ }
+ sort.Ints(versions)
+ return versions
+}
diff --git a/cmd/tlsconfig/tlsconfig.go b/cmd/tlsconfig/tlsconfig.go
index 0b3ed88..bcb5cf7 100644
--- a/cmd/tlsconfig/tlsconfig.go
+++ b/cmd/tlsconfig/tlsconfig.go
@@ -4,7 +4,6 @@ package main import ( "bytes" - "crypto/tls" "encoding/json" "errors" "flag"
@@ -14,7 +13,6 @@ import ( "log" "net/http" "path/filepath" - "sort" "strings" "github.com/mozilla/tls-observatory/constants"
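Review bot: The constraint `// +build go1.14 !go1.11` at the top of `tls_version_go14.go` is an OR of its two space-separated terms, so this file is also selected by toolchains older than go1.11. On those toolchains `tls_version_go11.go` (`!go1.12`) is selected too, which gives two definitions of `mapTLSVersions` and a reference to `tls.VersionTLS13`, a constant the commit message itself treats as unavailable before go1.12. `// +build go1.14` alone expresses the intent. Separately, the `// main` line directly above `package main` becomes the package doc comment and says nothing; drop it, or replace it with a sentence stating that SSLv3 is intentionally not mapped in this file.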
@@ -112,28 +110,6 @@ func getGoCipherConfig(name string, sstls ServerSideTLSJson) (goCipherConfigurat return cipherConf, nil } -func mapTLSVersions(tlsVersions []string) []int { - var versions []int - for _, tlsVersion := range tlsVersions { - switch tlsVersion { - case "TLSv1.3": - versions = append(versions, tls.VersionTLS13) - case "TLSv1.2": - versions = append(versions, tls.VersionTLS12) - case "TLSv1.1": - versions = append(versions, tls.VersionTLS11) - case "TLSv1": - versions = append(versions, tls.VersionTLS10) - case "SSLv3": - versions = append(versions, tls.VersionSSL30) - default: - continue - } - } - sort.Ints(versions) - return versions -} - func getGoTLSConf() (goTLSConfiguration, error) { sstls, err := getTLSConfFromURL(TLSConfURL) if err != nil || sstls == nil {