From 3f3e62225eb16ada248bed0a9fa8e0d4424fc6c6 Mon Sep 17 00:00:00 2001
From: Tero Saarni
Date: Tue, 24 Jan 2023 10:46:11 +0200
Subject: [PATCH] Changed option naming, removed obsolete versions.
Signed-off-by: Tero Saarni
---
 client/pkg/tlsutil/versions.go | 2 --
 client/pkg/tlsutil/versions_test.go | 2 --
 server/embed/config.go | 4 ++--
 server/embed/config_test.go | 16 ++++++++--------
 server/etcdmain/config.go | 4 ++--
 server/etcdmain/help.go | 8 ++++----
 6 files changed, 16 insertions(+), 20 deletions(-)
diff --git a/client/pkg/tlsutil/versions.go b/client/pkg/tlsutil/versions.go
index 9735b9de19df..e18bb69d8c74 100644
--- a/client/pkg/tlsutil/versions.go
+++ b/client/pkg/tlsutil/versions.go
@@ -22,8 +22,6 @@ import (
 // tlsVersions is a map of TLS version string to the value of tls.Config.Min/MaxVersion.
 var tlsVersions = map[string]uint16{
 "": 0, // If version was not given use 0 (uninitialized version) to let Go decide.
- "TLS10": tls.VersionTLS10,
- "TLS11": tls.VersionTLS11,
 "TLS12": tls.VersionTLS12,
 "TLS13": tls.VersionTLS13,
 }
diff --git a/client/pkg/tlsutil/versions_test.go b/client/pkg/tlsutil/versions_test.go
index 45a74f01eca5..dffbe9e226ff 100644
--- a/client/pkg/tlsutil/versions_test.go
+++ b/client/pkg/tlsutil/versions_test.go
@@ -22,8 +22,6 @@ import (
 func TestGetVersion_success(t *testing.T) {
 versions := map[string]uint16{
 "": 0,
- "TLS10": tls.VersionTLS10,
- "TLS11": tls.VersionTLS11,
 "TLS12": tls.VersionTLS12,
 "TLS13": tls.VersionTLS13,
 }
diff --git a/server/embed/config.go b/server/embed/config.go
index 5bae6f51e341..83513ac59dc8 100644
--- a/server/embed/config.go
+++ b/server/embed/config.go
@@ -227,9 +227,9 @@ type Config struct {
 CipherSuites []string `json:"cipher-suites"`
 // MinVersion is the minimum accepted TLS version between client/server and peers.
- MinVersion string `json:"min-tls-version"`
+ MinVersion string `json:"tls-min-version"`
 // MaxVersion is the maximum accepted TLS version between client/server and peers.
- MaxVersion string `json:"max-tls-version"`
+ MaxVersion string `json:"tls-max-version"`
 ClusterState string `json:"initial-cluster-state"`
 DNSCluster string `json:"discovery-srv"`
diff --git a/server/embed/config_test.go b/server/embed/config_test.go
index 54db8a170485..6c6c3283671c 100644
--- a/server/embed/config_test.go
+++ b/server/embed/config_test.go
@@ -442,9 +442,9 @@ func TestTLSVersionMinMax(t *testing.T) {
 {
 name: "Minimum TLS version is set",
 config: Config{
- MinVersion: "TLS10",
+ MinVersion: "TLS13",
 },
- expectedMinTLSVersion: tls.VersionTLS10,
+ expectedMinTLSVersion: tls.VersionTLS13,
 expectedMaxTLSVersion: 0,
 },
 {
@@ -458,17 +458,17 @@ func TestTLSVersionMinMax(t *testing.T) {
 {
 name: "Minimum and Maximum TLS versions are set",
 config: Config{
- MinVersion: "TLS10",
- MaxVersion: "TLS12",
+ MinVersion: "TLS13",
+ MaxVersion: "TLS13",
 },
- expectedMinTLSVersion: tls.VersionTLS10,
- expectedMaxTLSVersion: tls.VersionTLS12,
+ expectedMinTLSVersion: tls.VersionTLS13,
+ expectedMaxTLSVersion: tls.VersionTLS13,
 },
 {
 name: "Minimum and Maximum TLS versions are set in reverse order",
 config: Config{
- MinVersion: "TLS12",
- MaxVersion: "TLS10",
+ MinVersion: "TLS13",
+ MaxVersion: "TLS12",
 },
 expectError: true,
 },
diff --git a/server/etcdmain/config.go b/server/etcdmain/config.go
index 37b206f04e8f..c417b2a895b0 100644
--- a/server/etcdmain/config.go
+++ b/server/etcdmain/config.go
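Review bot: Renaming the JSON keys on `MinVersion` and `MaxVersion` in server/embed/config.go drops the old spelling with no alias, and whether a config file that still says `min-tls-version` is rejected or silently ignored depends on the loader, which is not visible in this hunk. If unknown keys are ignored, an operator's pinned floor is lost without any error and the field falls back to its default (the flag default visible in server/etcdmain/config.go is `TLS12`). If the old keys ever appeared in a release, either reject them explicitly or record the rename in the field comment, e.g. `// MinVersion is the minimum accepted TLS version between client/server and peers (config key "tls-min-version", formerly "min-tls-version").` The Config struct starts and ends outside the hunk.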
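Review bot: After this change no case in TestTLSVersionMinMax (server/embed/config_test.go) exercises the removed names, so a later re-addition of `TLS10` or `TLS11` to tlsVersions would pass unnoticed here. A table entry such as `{name: "Obsolete TLS version is rejected", config: Config{MinVersion: "TLS11"}, expectError: true},` next to the reverse-order case in the second hunk would pin the removal, assuming the version lookup returns an error for unknown strings (the lookup function is not shown). The test table begins and ends outside both hunks.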
@@ -215,8 +215,8 @@ func newConfig() *config {
 fs.StringVar(&cfg.ec.PeerTLSInfo.AllowedHostname, "peer-cert-allowed-hostname", "", "Allowed TLS hostname for inter peer authentication.")
 fs.Var(flags.NewStringsValue(""), "cipher-suites", "Comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).")
 fs.BoolVar(&cfg.ec.PeerTLSInfo.SkipClientSANVerify, "experimental-peer-skip-client-san-verification", false, "Skip verification of SAN field in client certificate for peer connections.")
- fs.StringVar(&cfg.ec.MinVersion, "min-tls-version", "TLS12", "Minimum TLS version supported for peer and client connections. Possible values: TLS10, TLS11, TLS12, TLS13.")
- fs.StringVar(&cfg.ec.MaxVersion, "max-tls-version", "", "Maximum TLS version supported for peer and client connections. Possible values: TLS10, TLS11, TLS12, TLS13 (empty will be auto-populated by Go).")
+ fs.StringVar(&cfg.ec.MinVersion, "tls-min-version", "TLS12", "Minimum TLS version supported for peer and client connections. Possible values: TLS12, TLS13.")
+ fs.StringVar(&cfg.ec.MaxVersion, "tls-max-version", "", "Maximum TLS version supported for peer and client connections. Possible values: TLS12, TLS13 (empty will be auto-populated by Go).")
 fs.Var(
 flags.NewUniqueURLsWithExceptions("*", "*"),
diff --git a/server/etcdmain/help.go b/server/etcdmain/help.go
index 68c74bad4f10..edcc0001672c 100644
--- a/server/etcdmain/help.go
+++ b/server/etcdmain/help.go
@@ -199,10 +199,10 @@ Security:
 Comma-separated whitelist of origins for CORS, or cross-origin resource sharing, (empty or * means allow all).
 --host-whitelist '*'
 Acceptable hostnames from HTTP client requests, if server is not secure (empty or * means allow all).
- --min-tls-version 'TLS12'
- Minimum TLS version supported for client and peer connections. Possible values: TLS10, TLS11, TLS12, TLS13.
- --max-tls-version ''
- Maximum TLS version supported for client ane peer connections. Possible values: TLS10, TLS11, TLS12, TLS13 (empty will be auto-populated by Go).
+ --tls-min-version 'TLS12'
+ Minimum TLS version supported for client and peer connections. Possible values: TLS12, TLS13.
+ --tls-max-version ''
+ Maximum TLS version supported for client ane peer connections. Possible values: TLS12, TLS13 (empty will be auto-populated by Go).
 Auth:
 --auth-token 'simple'
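Review bot: The added `--tls-max-version` description in server/etcdmain/help.go carries over the typo `client ane peer connections` from the line it replaces. Since the line is being rewritten anyway, it should read `Maximum TLS version supported for client and peer connections. Possible values: TLS12, TLS13 (empty will be auto-populated by Go).` The usage text also says "client and peer" where the flag registration in server/etcdmain/config.go says "peer and client"; using one order in both places keeps the two descriptions easy to compare.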