cmd/tlsconfig: remove support for deprecated tls.VersionSSL30 (#412)

* cmd/tlsconfig: build tags to deprecate tls.VersionSSL30 from go1.14

* cmd/tlsconfig: build tags to turn off TLSv1.3 in go1.11
Lars Lehtonen 2019-11-19 02:41:25 -08:00 committed by Cosmin Cojocar
parent b4c76d4234
commit df484bfa9e
4 changed files with 93 additions and 24 deletions


@ -0,0 +1,31 @@
// +build !go1.12
// This file can be removed once go1.11 is no longer supported
package main
import (
"crypto/tls"
"sort"
)
func mapTLSVersions(tlsVersions []string) []int {
var versions []int
for _, tlsVersion := range tlsVersions {
switch tlsVersion {
case "TLSv1.2":
versions = append(versions, tls.VersionTLS12)
case "TLSv1.1":
versions = append(versions, tls.VersionTLS11)
case "TLSv1":
versions = append(versions, tls.VersionTLS10)
case "SSLv3":
// unsupported from go1.14
versions = append(versions, tls.VersionSSL30)
default:
continue
}
}
sort.Ints(versions)
return versions
}
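Review bot: The `case "SSLv3"` branch still appends `tls.VersionSSL30` in this pre-go1.12 variant (and again in the go1.12–go1.13 variant), so the returned list, and any minimum version derived from it, depends on which Go toolchain built the tool rather than only on the input. The call site is not visible on this page, but if the lowest entry becomes an accepted minimum, a build with an older toolchain would still treat SSL 3.0 as acceptable while a go1.14 build would not. Consider dropping the case in every variant, or at least expanding the comment to something like `// SSL 3.0 is obsolete; kept only so pre-go1.14 builds produce the same output as before`. Note also that "TLSv1.3" falls into `default: continue` here, so an input naming only that version returns an empty slice, which the caller would need to handle.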


@ -0,0 +1,33 @@
// +build go1.12,!go1.14
// This file can be removed once go1.13 is no longer supported
package main
import (
"crypto/tls"
"sort"
)
func mapTLSVersions(tlsVersions []string) []int {
var versions []int
for _, tlsVersion := range tlsVersions {
switch tlsVersion {
case "TLSv1.3":
versions = append(versions, tls.VersionTLS13)
case "TLSv1.2":
versions = append(versions, tls.VersionTLS12)
case "TLSv1.1":
versions = append(versions, tls.VersionTLS11)
case "TLSv1":
versions = append(versions, tls.VersionTLS10)
case "SSLv3":
// unsupported from go1.14
versions = append(versions, tls.VersionSSL30)
default:
continue
}
}
sort.Ints(versions)
return versions
}
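Review bot: This body is a line-for-line copy of the other two `mapTLSVersions` variants apart from the `TLSv1.3` and `SSLv3` cases, which makes it easy for the three to drift when a version is added or removed. A single shared function that looks names up in a `map[string]int`, with only the toolchain-specific entries added from the build-tagged files, would keep the version policy in one place. If the copies stay, a doc comment such as `// mapTLSVersions converts version names to crypto/tls constants, skips unknown names, and returns them sorted ascending.` on each would make the silent skip explicit.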


@ -0,0 +1,29 @@
// +build go1.14 !go1.11
// main
package main
import (
"crypto/tls"
"sort"
)
func mapTLSVersions(tlsVersions []string) []int {
var versions []int
for _, tlsVersion := range tlsVersions {
switch tlsVersion {
case "TLSv1.3":
versions = append(versions, tls.VersionTLS13)
case "TLSv1.2":
versions = append(versions, tls.VersionTLS12)
case "TLSv1.1":
versions = append(versions, tls.VersionTLS11)
case "TLSv1":
versions = append(versions, tls.VersionTLS10)
default:
continue
}
}
sort.Ints(versions)
return versions
}
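Review bot: The constraint `// +build go1.14 !go1.11` on the first line is an OR of its space-separated terms, so this file is selected for go1.14 and later and also for toolchains older than go1.11. Those older toolchains also satisfy the `!go1.12` constraint on the pre-go1.12 variant, so both files would be compiled together and `mapTLSVersions` would be declared twice; `tls.VersionTLS13` is also not available there. If the intent is only go1.14 and later, `// +build go1.14` is enough. The `// main` comment above the package clause carries no information and could be replaced by a real package comment or dropped.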


@ -4,7 +4,6 @@ package main
import ( import (
"bytes" "bytes"
"crypto/tls"
"encoding/json" "encoding/json"
"errors" "errors"
"flag" "flag"
@ -14,7 +13,6 @@ import (
"log" "log"
"net/http" "net/http"
"path/filepath" "path/filepath"
"sort"
"strings" "strings"
"github.com/mozilla/tls-observatory/constants" "github.com/mozilla/tls-observatory/constants"
@ -112,28 +110,6 @@ func getGoCipherConfig(name string, sstls ServerSideTLSJson) (goCipherConfigurat
return cipherConf, nil return cipherConf, nil
} }
func mapTLSVersions(tlsVersions []string) []int {
var versions []int
for _, tlsVersion := range tlsVersions {
switch tlsVersion {
case "TLSv1.3":
versions = append(versions, tls.VersionTLS13)
case "TLSv1.2":
versions = append(versions, tls.VersionTLS12)
case "TLSv1.1":
versions = append(versions, tls.VersionTLS11)
case "TLSv1":
versions = append(versions, tls.VersionTLS10)
case "SSLv3":
versions = append(versions, tls.VersionSSL30)
default:
continue
}
}
sort.Ints(versions)
return versions
}
func getGoTLSConf() (goTLSConfiguration, error) { func getGoTLSConf() (goTLSConfiguration, error) {
sstls, err := getTLSConfFromURL(TLSConfURL) sstls, err := getTLSConfFromURL(TLSConfURL)
if err != nil || sstls == nil { if err != nil || sstls == nil {