diff options
| author | Adam Langley <agl@golang.org> | 2014-12-18 11:31:14 -0800 |
|---|---|---|
| committer | Adam Langley <agl@golang.org> | 2014-12-18 19:49:41 +0000 |
| commit | 604fa4d5a149c334ff0bd5d191c4c4e29f75545d (patch) | |
| tree | c81eb5b26a5091d6040e02e3f93a02418091b640 | |
| parent | 1965b035844b3e8e8b9dd3c21a113345c7eee8b1 (diff) | |
| download | go-604fa4d5a149c334ff0bd5d191c4c4e29f75545d.tar.xz | |
crypto/tls: change default minimum version to TLS 1.0.
SSLv3 (the old minimum) is still supported and can be enabled via the
tls.Config, but this change increases the default minimum version to TLS
1.0. This is now common practice in light of the POODLE[1] attack
against SSLv3's CBC padding format.
[1] https://www.imperialviolet.org/2014/10/14/poodle.html
Fixes #9364.
Change-Id: Ibae6666ee038ceee0cb18c339c393155928c6510
Reviewed-on: https://go-review.googlesource.com/1791
Reviewed-by: Minux Ma <minux@golang.org>
| -rw-r--r-- | src/crypto/tls/common.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go index 776b70c93c..e3c6004bc5 100644 --- a/src/crypto/tls/common.go +++ b/src/crypto/tls/common.go @@ -30,7 +30,7 @@ const ( recordHeaderLen = 5 // record header length maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB) - minVersion = VersionSSL30 + minVersion = VersionTLS10 maxVersion = VersionTLS12 ) |