crypto/tls: package says it implements TLS 1.1, but actually implements SSL 3.0 and TLS 1.0, but not 1.1 #3216

Closed
gopherbot opened this issue Mar 6, 2012 · 2 comments

@gopherbot gopherbot commented Mar 6, 2012

by ppelleti@speakeasy.net:

The documentation for the TLS package:

http://golang.org/pkg/crypto/tls/

and the comment at the top of tls.go:

https://github.com/tav/go/blob/master/src/pkg/crypto/tls/tls.go

both say:

"Package tls partially implements the TLS 1.1 protocol, as specified in RFC
4346."

However, from looking at the code, it appears it implements SSL 3.0 and TLS 1.0 for
servers, and only implements TLS 1.0 for clients.  It does not appear to implement TLS
1.1.

Specifically, in common.go, it says:

    minVersion = versionSSL30
    maxVersion = versionTLS10

It appears that this min and max are used by the server, via the mutualVersion function.
The client has the additional constraint that the version be at least TLS 1.0, and
since the max is also TLS 1.0, the client only supports TLS 1.0.

It would be nice if TLS 1.1 (and even 1.2) was supported, but until then, the
documentation should accurately reflect the versions currently supported.  Also, it
would be nice to expand upon what is meant by "partially implements".  Are
there known ways in which the implementation does not conform to the SSL 3.0 and TLS 1.0
specifications?  Are there known interoperability problems with other TLS
implementations?
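
The negotiation bounds described in the report above, as an added example that is not part of the original issue and is not the package's own code. The names `serverSelect` and `clientAccept` are hypothetical, and capping an offer above `maxVersion` down to `maxVersion` is an assumption about how the bounds are applied; the version wire values are the standard ones.

```go
package main

import "fmt"

// Wire values for the protocol versions named in the issue.
const (
	versionSSL30 uint16 = 0x0300
	versionTLS10 uint16 = 0x0301
	versionTLS11 uint16 = 0x0302 // the version the package doc claimed

	// The bounds quoted from common.go in the issue.
	minVersion = versionSSL30
	maxVersion = versionTLS10
)

// serverSelect is a model of the server side (assumed behaviour, not the
// package's mutualVersion source): offers below minVersion are refused and
// offers above maxVersion are capped to maxVersion.
func serverSelect(clientOffer uint16) (uint16, bool) {
	if clientOffer < minVersion {
		return 0, false
	}
	if clientOffer > maxVersion {
		return maxVersion, true
	}
	return clientOffer, true
}

// clientAccept is a model of the client side: the server's choice must lie
// within the same bounds and must also be at least TLS 1.0.
func clientAccept(serverChoice uint16) bool {
	return serverChoice >= versionTLS10 && serverChoice <= maxVersion
}

func main() {
	// Constructed sample offers: an SSL 2.0-style value, SSL 3.0, TLS 1.0, TLS 1.1.
	for _, offer := range []uint16{0x0200, versionSSL30, versionTLS10, versionTLS11} {
		chosen, ok := serverSelect(offer)
		if !ok {
			fmt.Printf("offer 0x%04x: server refuses\n", offer)
			continue
		}
		fmt.Printf("offer 0x%04x: server picks 0x%04x, client with these bounds accepts: %v\n",
			offer, chosen, clientAccept(chosen))
	}
}
```

Under this model a peer offering TLS 1.1 is negotiated down to TLS 1.0, and SSL 3.0 is reachable only when the package acts as the server.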

@rsc rsc commented Mar 6, 2012

Comment 1:

Adam, if you can tell me what the comment should say, I'm happy to fix it.

Labels changed: added priority-go1, removed priority-triage.

Owner changed to @agl.

Status changed to Accepted.

@agl agl commented Mar 6, 2012

Comment 2:

This issue was closed by revision 4f25e4b.

Status changed to Fixed.

@gopherbot gopherbot added fixed labels Mar 6, 2012
@mikioh mikioh changed the title tls package says it implements TLS 1.1, but actually implements SSL 3.0 and TLS 1.0, but not 1.1 crypto/tls: package says it implements TLS 1.1, but actually implements SSL 3.0 and TLS 1.0, but not 1.1 Jan 14, 2015
@rsc rsc added this to the Go1 milestone Apr 10, 2015
@rsc rsc removed the priority-go1 label Apr 10, 2015
@golang golang locked and limited conversation to collaborators Jun 24, 2016
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
This issue was closed.