mirror of
https://github.com/ipfs/kubo.git
synced 2026-02-23 03:17:43 +08:00
ccc2d23730
We've had a reliable and enabled by default TLS implementation since 0.4.23 (over a year ago) and turned off SECIO in September of last year. We might as well remove support entirely in the next release and encourage users to upgrade their networks. Noise is faster, anyways.
43 lines
1.3 KiB
Go
43 lines
1.3 KiB
Go
package libp2p
|
|
|
|
import (
|
|
config "github.com/ipfs/go-ipfs-config"
|
|
"github.com/libp2p/go-libp2p"
|
|
noise "github.com/libp2p/go-libp2p-noise"
|
|
tls "github.com/libp2p/go-libp2p-tls"
|
|
)
|
|
|
|
const secioEnabledWarning = `The SECIO security transport was enabled in the config but is no longer supported.
|
|
|
|
SECIO disabled by default in go-ipfs 0.7 removed in go-ipfs 0.9. Please remove
|
|
Swarm.Transports.Security.SECIO from your IPFS config.`
|
|
|
|
func Security(enabled bool, tptConfig config.Transports) interface{} {
|
|
if !enabled {
|
|
return func() (opts Libp2pOpts) {
|
|
log.Errorf(`Your IPFS node has been configured to run WITHOUT ENCRYPTED CONNECTIONS.
|
|
You will not be able to connect to any nodes configured to use encrypted connections`)
|
|
opts.Opts = append(opts.Opts, libp2p.NoSecurity)
|
|
return opts
|
|
}
|
|
}
|
|
|
|
if _, enabled := tptConfig.Security.SECIO.WithDefault(config.Disabled); enabled {
|
|
log.Error(secioEnabledWarning)
|
|
}
|
|
|
|
// Using the new config options.
|
|
return func() (opts Libp2pOpts) {
|
|
opts.Opts = append(opts.Opts, prioritizeOptions([]priorityOption{{
|
|
priority: tptConfig.Security.TLS,
|
|
defaultPriority: 100,
|
|
opt: libp2p.Security(tls.ID, tls.New),
|
|
}, {
|
|
priority: tptConfig.Security.Noise,
|
|
defaultPriority: 300,
|
|
opt: libp2p.Security(noise.ID, noise.New),
|
|
}}))
|
|
return opts
|
|
}
|
|
}
|