crypto/tls: change default minimum version to TLS 1.0.

SSLv3 (the old minimum) is still supported and can be enabled via the tls.Config, but this change increases the default minimum version to TLS 1.0. This is now common practice in light of the POODLE[1] attack against SSLv3's CBC padding format. [1] https://www.imperialviolet.org/2014/10/14/poodle.html Fixes #9364. Change-Id: Ibae6666ee038ceee0cb18c339c393155928c6510 Reviewed-on: https://go-review.googlesource.com/1791Reviewed-by: Minux Ma <minux@golang.org>

crypto/tls: change default minimum version to TLS 1.0.
SSLv3 (the old minimum) is still supported and can be enabled via the tls.Config, but this change increases the default minimum version to TLS 1.0. This is now common practice in light of the POODLE[1] attack against SSLv3's CBC padding format. [1] https://www.imperialviolet.org/2014/10/14/poodle.html Fixes #9364. Change-Id: Ibae6666ee038ceee0cb18c339c393155928c6510 Reviewed-on: https://go-review.googlesource.com/1791Reviewed-by: Minux Ma <minux@golang.org>
604fa4d5 · Adam Langley · 1965b035 · 604fa4d5
Commit 604fa4d5 authored Dec 18, 2014 by Adam Langley
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

common.go src/crypto/tls/common.go +1 -1

No files found.
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -30,7 +30,7 @@ const (
 	recordHeaderLen = 5            // record header length
 	maxHandshake    = 65536        // maximum handshake we support (protocol max is 16 MB)

-	minVersion = VersionSSL30
+	minVersion = VersionTLS10
 	maxVersion = VersionTLS12
 )