Changed option naming, removed obsolete versions.

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
etcd-io · Jan 24, 2023 · 3f3e622 · 3f3e622
1 parent 1cb7a53
commit 3f3e622
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 20 deletions.
diff --git a/client/pkg/tlsutil/versions.go b/client/pkg/tlsutil/versions.go
@@ -22,8 +22,6 @@ import (
 // tlsVersions is a map of TLS version string to the value of tls.Config.Min/MaxVersion.
 var tlsVersions = map[string]uint16{
 	"":      0, // If version was not given use 0 (uninitialized version) to let Go decide.
-	"TLS10": tls.VersionTLS10,
-	"TLS11": tls.VersionTLS11,
 	"TLS12": tls.VersionTLS12,
 	"TLS13": tls.VersionTLS13,
 }

diff --git a/client/pkg/tlsutil/versions_test.go b/client/pkg/tlsutil/versions_test.go
@@ -22,8 +22,6 @@ import (
 func TestGetVersion_success(t *testing.T) {
 	versions := map[string]uint16{
 		"":      0,
-		"TLS10": tls.VersionTLS10,
-		"TLS11": tls.VersionTLS11,
 		"TLS12": tls.VersionTLS12,
 		"TLS13": tls.VersionTLS13,
 	}

diff --git a/server/embed/config.go b/server/embed/config.go
@@ -227,9 +227,9 @@ type Config struct {
 	CipherSuites []string `json:"cipher-suites"`
 
 	// MinVersion is the minimum accepted TLS version between client/server and peers.
-	MinVersion string `json:"min-tls-version"`
+	MinVersion string `json:"tls-min-version"`
 	// MaxVersion is the maximum accepted TLS version between client/server and peers.
-	MaxVersion string `json:"max-tls-version"`
+	MaxVersion string `json:"tls-max-version"`
 
 	ClusterState          string `json:"initial-cluster-state"`
 	DNSCluster            string `json:"discovery-srv"`

diff --git a/server/embed/config_test.go b/server/embed/config_test.go
@@ -442,9 +442,9 @@ func TestTLSVersionMinMax(t *testing.T) {
 		{
 			name: "Minimum TLS version is set",
 			config: Config{
-				MinVersion: "TLS10",
+				MinVersion: "TLS13",
 			},
-			expectedMinTLSVersion: tls.VersionTLS10,
+			expectedMinTLSVersion: tls.VersionTLS13,
 			expectedMaxTLSVersion: 0,
 		},
 		{
@@ -458,17 +458,17 @@ func TestTLSVersionMinMax(t *testing.T) {
 		{
 			name: "Minimum and Maximum TLS versions are set",
 			config: Config{
-				MinVersion: "TLS10",
-				MaxVersion: "TLS12",
+				MinVersion: "TLS13",
+				MaxVersion: "TLS13",
 			},
-			expectedMinTLSVersion: tls.VersionTLS10,
-			expectedMaxTLSVersion: tls.VersionTLS12,
+			expectedMinTLSVersion: tls.VersionTLS13,
+			expectedMaxTLSVersion: tls.VersionTLS13,
 		},
 		{
 			name: "Minimum and Maximum TLS versions are set in reverse order",
 			config: Config{
-				MinVersion: "TLS12",
-				MaxVersion: "TLS10",
+				MinVersion: "TLS13",
+				MaxVersion: "TLS12",
 			},
 			expectError: true,
 		},

diff --git a/server/etcdmain/config.go b/server/etcdmain/config.go
@@ -215,8 +215,8 @@ func newConfig() *config {
 	fs.StringVar(&cfg.ec.PeerTLSInfo.AllowedHostname, "peer-cert-allowed-hostname", "", "Allowed TLS hostname for inter peer authentication.")
 	fs.Var(flags.NewStringsValue(""), "cipher-suites", "Comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).")
 	fs.BoolVar(&cfg.ec.PeerTLSInfo.SkipClientSANVerify, "experimental-peer-skip-client-san-verification", false, "Skip verification of SAN field in client certificate for peer connections.")
-	fs.StringVar(&cfg.ec.MinVersion, "min-tls-version", "TLS12", "Minimum TLS version supported for peer and client connections. Possible values: TLS10, TLS11, TLS12, TLS13.")
-	fs.StringVar(&cfg.ec.MaxVersion, "max-tls-version", "", "Maximum TLS version supported for peer and client connections. Possible values: TLS10, TLS11, TLS12, TLS13 (empty will be auto-populated by Go).")
+	fs.StringVar(&cfg.ec.MinVersion, "tls-min-version", "TLS12", "Minimum TLS version supported for peer and client connections. Possible values: TLS12, TLS13.")
+	fs.StringVar(&cfg.ec.MaxVersion, "tls-max-version", "", "Maximum TLS version supported for peer and client connections. Possible values: TLS12, TLS13 (empty will be auto-populated by Go).")
 
 	fs.Var(
 		flags.NewUniqueURLsWithExceptions("*", "*"),

diff --git a/server/etcdmain/help.go b/server/etcdmain/help.go
@@ -199,10 +199,10 @@ Security:
     Comma-separated whitelist of origins for CORS, or cross-origin resource sharing, (empty or * means allow all).
   --host-whitelist '*'
     Acceptable hostnames from HTTP client requests, if server is not secure (empty or * means allow all).
-  --min-tls-version 'TLS12'
-    Minimum TLS version supported for client and peer connections. Possible values: TLS10, TLS11, TLS12, TLS13.
-  --max-tls-version ''
-    Maximum TLS version supported for client ane peer connections. Possible values: TLS10, TLS11, TLS12, TLS13 (empty will be auto-populated by Go).
+  --tls-min-version 'TLS12'
+    Minimum TLS version supported for client and peer connections. Possible values: TLS12, TLS13.
+  --tls-max-version ''
+    Maximum TLS version supported for client ane peer connections. Possible values: TLS12, TLS13 (empty will be auto-populated by Go).
 
 Auth:
   --auth-token 'simple'