New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[breaking change] Add the ability to control minimum TLS version in SecurityContext #55679
Comments
Should we consider doing a slightly different breaking change to simplify further changes to this class? Consider something like: final class SecurityContextOption<T> {
final String name;
const SecurityContextOption._(this.name);
static const minimumTlsProtocolVersion = SecurityContextOption<TlsProtocolVersion>('TlsProtocolVersion');
}
abstract interface class SecurityContext {
void setOption<T>(SecurityContextOption<T> option, T value);
T getOption<T>(SecurityContextOption<T> option);
} It does look pretty ugly, but then we can add further configuration options without thinking about unfortunate souls who decided to implement I guess another option is to figure out why |
I changed it to an interface as part of the class modifier addition process following the general rule that everything that every abstract class that does not define any instance methods is logically an interface. Changing it to Any thoughts @lrhn ? |
SGTM, ship it! 😁 |
I created a new issue (#55786) that will supercede this one if accepted. |
@brianquinlan do we want to close this one out in favor of #55786? |
@itsjustkevin assuming that #55786 is accepted, then yes. Can we defer the decision on this issue until a decision on #55786 is made? |
Change Intent
Add a new property to
SecurityContext
to control the minimum TLS version like:Justification
Allows the developer to refuse TLS connections that aren't sufficiently secure.
See #54901
Impact
All classes that
implements SecurityContext
(without extends Mock or equivalent noSuchMethod implementation) will need to be updated.A search on Github finds one such instance outside of the Dart SDK.
Mitigation
Developers implementing
SecurityContext
must add theminimumTlsProtocolVersion
field.Change Timeline
N/A
Associated CLs
API POC PR: https://dart-review.googlesource.com/c/sdk/+/365664
The text was updated successfully, but these errors were encountered: