crypto/tls: package says it implements TLS 1.1, but actually implements SSL 3.0 and TLS 1.0, but not 1.1 #3216
The documentation for the TLS package: http://golang.org/pkg/crypto/tls/ and the comment at the top of tls.go: https://github.com/tav/go/blob/master/src/pkg/crypto/tls/tls.go both say:

"Package tls partially implements the TLS 1.1 protocol, as specified in RFC 4346."

However, from looking at the code, it appears it implements SSL 3.0 and TLS 1.0 for servers, and only implements TLS 1.0 for clients. It does not appear to implement TLS 1.1.

Specifically, in common.go, it says:

    minVersion = versionSSL30
    maxVersion = versionTLS10

It appears that this min and max are used by the server, via the mutualVersion function. The client has the additional constraint that the version be at least TLS 1.0, and since the max is also TLS 1.0, the client only supports TLS 1.0.

It would be nice if TLS 1.1 (and even 1.2) was supported, but until then, the documentation should accurately reflect the versions currently supported.

Also, it would be nice to expand upon what is meant by "partially implements". Are there known ways in which the implementation does not conform to the SSL 3.0 and TLS 1.0 specifications? Are there known interoperability problems with other TLS implementations?
This issue was closed.
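
The version bounds described in the issue, modelled as an added Go example (not part of the original issue and not the crypto/tls source). `serverSelect` and `clientAccept` are hypothetical names for the server and client checks the report describes; the numeric constants are the standard wire encodings of each protocol version.

```go
package main

import "fmt"

// Protocol versions as they appear on the wire (major<<8 | minor).
const (
	versionSSL30 uint16 = 0x0300
	versionTLS10 uint16 = 0x0301
	versionTLS11 uint16 = 0x0302
	versionTLS12 uint16 = 0x0303

	// Bounds quoted in the issue from common.go.
	minVersion = versionSSL30
	maxVersion = versionTLS10
)

// serverSelect is an assumed model of the server-side check: reject offers
// below minVersion, clamp offers above maxVersion down to maxVersion.
func serverSelect(offer uint16) (uint16, bool) {
	if offer < minVersion {
		return 0, false
	}
	if offer > maxVersion {
		return maxVersion, true
	}
	return offer, true
}

// clientAccept is an assumed model of the client-side check: the version the
// server chose must lie within the bounds and also be at least TLS 1.0.
func clientAccept(choice uint16) bool {
	return choice >= versionTLS10 && choice <= maxVersion
}

func main() {
	names := map[uint16]string{versionSSL30: "SSL 3.0", versionTLS10: "TLS 1.0",
		versionTLS11: "TLS 1.1", versionTLS12: "TLS 1.2"}
	for _, v := range []uint16{versionSSL30, versionTLS10, versionTLS11, versionTLS12} {
		got, ok := serverSelect(v)
		fmt.Printf("%s: as a client offer, server picks %s (ok=%v); as a server choice, client accepts=%v\n",
			names[v], names[got], ok, clientAccept(v))
	}
}
```

With these bounds no path yields TLS 1.1: a peer offering TLS 1.1 or 1.2 is negotiated down to TLS 1.0, and the client side rejects everything except TLS 1.0.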