crypto/tls: change default minimum version to TLS 1.0.

SSLv3 (the old minimum) is still supported and can be enabled via the tls.Config, but this change increases the default minimum version to TLS 1.0. This is now common practice in light of the POODLE[1] attack against SSLv3's CBC padding format. [1] https://www.imperialviolet.org/2014/10/14/poodle.html Fixes #9364. Change-Id: Ibae6666ee038ceee0cb18c339c393155928c6510 Reviewed-on: https://go-review.googlesource.com/1791 Reviewed-by: Minux Ma <minux@golang.org>
author: Adam Langley <agl@golang.org> 2014-12-18 11:31:14 -0800
committer: Adam Langley <agl@golang.org> 2014-12-18 19:49:41 +0000
commit: 604fa4d5a149c334ff0bd5d191c4c4e29f75545d (patch)
tree: c81eb5b26a5091d6040e02e3f93a02418091b640 /src
parent: 1965b035844b3e8e8b9dd3c21a113345c7eee8b1 (diff)
download: go-604fa4d5a149c334ff0bd5d191c4c4e29f75545d.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index 776b70c93c..e3c6004bc5 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -30,7 +30,7 @@ const (
 	recordHeaderLen = 5            // record header length
 	maxHandshake    = 65536        // maximum handshake we support (protocol max is 16 MB)
 
-	minVersion = VersionSSL30
+	minVersion = VersionTLS10
 	maxVersion = VersionTLS12
 )
author	Adam Langley <agl@golang.org>	2014-12-18 11:31:14 -0800
committer	Adam Langley <agl@golang.org>	2014-12-18 19:49:41 +0000
commit	604fa4d5a149c334ff0bd5d191c4c4e29f75545d (patch)
tree	c81eb5b26a5091d6040e02e3f93a02418091b640 /src
parent	1965b035844b3e8e8b9dd3c21a113345c7eee8b1 (diff)
download	go-604fa4d5a149c334ff0bd5d191c4c4e29f75545d.tar.xz