feat: tls by default

Switches to TLS as the default security transports.
2026-02-21 10:27:46 +08:00 · 2020-03-29 18:58:54 -07:00 · 2020-03-29 18:58:54 -07:00 · f28b8fce66
commit f28b8fce66
parent c6d0232093
6 changed files with 12 additions and 30 deletions
--- a/core/node/groups.go
+++ b/core/node/groups.go
@ -102,7 +102,7 @@ func LibP2P(bcfg *BuildCfg, cfg *config.Config) fx.Option {
 		fx.Invoke(libp2p.StartListening(cfg.Addresses.Swarm)),
 		fx.Invoke(libp2p.SetupDiscovery(cfg.Discovery.MDNS.Enabled, cfg.Discovery.MDNS.Interval)),

-		fx.Provide(libp2p.Security(!bcfg.DisableEncryptedConnections, cfg.Experimental.PreferTLS)),
+		fx.Provide(libp2p.Security(!bcfg.DisableEncryptedConnections)),

 		fx.Provide(libp2p.Routing),
 		fx.Provide(libp2p.BaseRouting),
--- a/core/node/libp2p/transport.go
+++ b/core/node/libp2p/transport.go
@ -11,7 +11,7 @@ import (
 var DefaultTransports = simpleOpt(libp2p.DefaultTransports)
 var QUIC = simpleOpt(libp2p.Transport(libp2pquic.NewTransport))

-func Security(enabled, preferTLS bool) interface{} {
+func Security(enabled bool) interface{} {
 	if !enabled {
 		return func() (opts Libp2pOpts) {
 			// TODO: shouldn't this be Errorf to guarantee visibility?
@ -22,11 +22,7 @@ func Security(enabled, preferTLS bool) interface{} {
 		}
 	}
 	return func() (opts Libp2pOpts) {
-		if preferTLS {
-			opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))
-		} else {
-			opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(secio.ID, secio.New), libp2p.Security(tls.ID, tls.New)))
-		}
+		opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))
 		return opts
 	}
 }
--- a/docs/examples/library-experimental-features/README.md
+++ b/docs/examples/library-experimental-features/README.md
@ -58,8 +58,6 @@ func createTempRepo(ctx context.Context) (string, error) {
 	cfg.Experimental.P2pHttpProxy = true
 	// https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#quic
 	cfg.Experimental.QUIC = true
-	// https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#tls-13-as-default-handshake-protocol
-	cfg.Experimental.PreferTLS = true
 	// https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#strategic-providing
 	cfg.Experimental.StrategicProviding = true

--- a/docs/experimental-features.md
+++ b/docs/experimental-features.md
@ -632,7 +632,7 @@ For listening on a QUIC address, add it the swarm addresses, e.g. `/ip4/0.0.0.0/

 ### In Version

-0.4.19-dev
+0.4.19

 ### State

@ -660,26 +660,14 @@ ipfs config --json Swarm.EnableAutoNATService true

 ## TLS 1.3 as default handshake protocol

+### In Version
+
+0.5.0
+
 ### State

-Every go-ipfs node (>=0.4.21) accepts secio and TLS 1.3 connections but prefers
-secio over TLS when dialing. To prefer TLS when dialing, you'll have to enable
-this feature.
+Stable

-### How to enable
-
-Modify your ipfs config:
-
-```
-ipfs config --json Experimental.PreferTLS true
-```
-
-### Road to being a real feature
-
- [ ] needs testing
- [ ] needs adoption
-
---

 ## Strategic Providing

--- a/go.mod
+++ b/go.mod
@ -31,7 +31,7 @@ require (
 	github.com/ipfs/go-ipfs-blockstore v0.1.4
 	github.com/ipfs/go-ipfs-chunker v0.0.5
 	github.com/ipfs/go-ipfs-cmds v0.1.4
-	github.com/ipfs/go-ipfs-config v0.3.0
+	github.com/ipfs/go-ipfs-config v0.4.0
 	github.com/ipfs/go-ipfs-ds-help v0.1.1
 	github.com/ipfs/go-ipfs-exchange-interface v0.0.1
 	github.com/ipfs/go-ipfs-exchange-offline v0.0.1
--- a/go.sum
+++ b/go.sum
@ -246,8 +246,8 @@ github.com/ipfs/go-ipfs-chunker v0.0.5 h1:ojCf7HV/m+uS2vhUGWcogIIxiO5ubl5O57Q7Na
 github.com/ipfs/go-ipfs-chunker v0.0.5/go.mod h1:jhgdF8vxRHycr00k13FM8Y0E+6BoalYeobXmUyTreP8=
 github.com/ipfs/go-ipfs-cmds v0.1.4 h1:l5QAc1iaoMZeBd2vpanrHWs26haEBL4PVqgoHJNG2GE=
 github.com/ipfs/go-ipfs-cmds v0.1.4/go.mod h1:wm+C6M8FYDcWPU/EdWqMuHvdyWborFh+GuDl6Ov6sM0=
-github.com/ipfs/go-ipfs-config v0.3.0 h1:fGs3JBqB9ia/Joi8up47uiKn150EOEqqVFwv8HZqXao=
-github.com/ipfs/go-ipfs-config v0.3.0/go.mod h1:nSLCFtlaL+2rbl3F+9D4gQZQbT1LjRKx7TJg/IHz6oM=
+github.com/ipfs/go-ipfs-config v0.4.0 h1:MOXdj8EYQG55v1y+5e1QcctDKPEGobdwnXaDVa0/cc0=
+github.com/ipfs/go-ipfs-config v0.4.0/go.mod h1:nSLCFtlaL+2rbl3F+9D4gQZQbT1LjRKx7TJg/IHz6oM=
 github.com/ipfs/go-ipfs-delay v0.0.0-20181109222059-70721b86a9a8/go.mod h1:8SP1YXK1M1kXuc4KJZINY3TQQ03J2rwBG9QfXmbRPrw=
 github.com/ipfs/go-ipfs-delay v0.0.1 h1:r/UXYyRcddO6thwOnhiznIAiSvxMECGgtv35Xs1IeRQ=
 github.com/ipfs/go-ipfs-delay v0.0.1/go.mod h1:8SP1YXK1M1kXuc4KJZINY3TQQ03J2rwBG9QfXmbRPrw=