Skip to content

Commit

Permalink
Merge pull request #7055 from ipfs/feat/tls-by-default
Browse files Browse the repository at this point in the history
feat: tls by default
  • Loading branch information
Stebalien authored Mar 30, 2020
2 parents c6d0232 + f28b8fc commit 643acab
Show file tree
Hide file tree
Showing 6 changed files with 11 additions and 29 deletions.
2 changes: 1 addition & 1 deletion core/node/groups.go
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ func LibP2P(bcfg *BuildCfg, cfg *config.Config) fx.Option {
fx.Invoke(libp2p.StartListening(cfg.Addresses.Swarm)),
fx.Invoke(libp2p.SetupDiscovery(cfg.Discovery.MDNS.Enabled, cfg.Discovery.MDNS.Interval)),

fx.Provide(libp2p.Security(!bcfg.DisableEncryptedConnections, cfg.Experimental.PreferTLS)),
fx.Provide(libp2p.Security(!bcfg.DisableEncryptedConnections)),

fx.Provide(libp2p.Routing),
fx.Provide(libp2p.BaseRouting),
Expand Down
8 changes: 2 additions & 6 deletions core/node/libp2p/transport.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import (
var DefaultTransports = simpleOpt(libp2p.DefaultTransports)
var QUIC = simpleOpt(libp2p.Transport(libp2pquic.NewTransport))

func Security(enabled, preferTLS bool) interface{} {
func Security(enabled bool) interface{} {
if !enabled {
return func() (opts Libp2pOpts) {
// TODO: shouldn't this be Errorf to guarantee visibility?
Expand All @@ -22,11 +22,7 @@ func Security(enabled, preferTLS bool) interface{} {
}
}
return func() (opts Libp2pOpts) {
if preferTLS {
opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))
} else {
opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(secio.ID, secio.New), libp2p.Security(tls.ID, tls.New)))
}
opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))
return opts
}
}
Expand Down
2 changes: 0 additions & 2 deletions docs/examples/library-experimental-features/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,6 @@ func createTempRepo(ctx context.Context) (string, error) {
cfg.Experimental.P2pHttpProxy = true
// https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#quic
cfg.Experimental.QUIC = true
// https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#tls-13-as-default-handshake-protocol
cfg.Experimental.PreferTLS = true
// https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#strategic-providing
cfg.Experimental.StrategicProviding = true

Expand Down
22 changes: 5 additions & 17 deletions docs/experimental-features.md
Original file line number Diff line number Diff line change
Expand Up @@ -632,7 +632,7 @@ For listening on a QUIC address, add it the swarm addresses, e.g. `/ip4/0.0.0.0/

### In Version

0.4.19-dev
0.4.19

### State

Expand Down Expand Up @@ -660,26 +660,14 @@ ipfs config --json Swarm.EnableAutoNATService true

## TLS 1.3 as default handshake protocol

### State

Every go-ipfs node (>=0.4.21) accepts secio and TLS 1.3 connections but prefers
secio over TLS when dialing. To prefer TLS when dialing, you'll have to enable
this feature.

### How to enable
### In Version

Modify your ipfs config:
0.5.0

```
ipfs config --json Experimental.PreferTLS true
```

### Road to being a real feature
### State

- [ ] needs testing
- [ ] needs adoption
Stable

---

## Strategic Providing

Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ require (
github.com/ipfs/go-ipfs-blockstore v0.1.4
github.com/ipfs/go-ipfs-chunker v0.0.5
github.com/ipfs/go-ipfs-cmds v0.1.4
github.com/ipfs/go-ipfs-config v0.3.0
github.com/ipfs/go-ipfs-config v0.4.0
github.com/ipfs/go-ipfs-ds-help v0.1.1
github.com/ipfs/go-ipfs-exchange-interface v0.0.1
github.com/ipfs/go-ipfs-exchange-offline v0.0.1
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -246,8 +246,8 @@ github.com/ipfs/go-ipfs-chunker v0.0.5 h1:ojCf7HV/m+uS2vhUGWcogIIxiO5ubl5O57Q7Na
github.com/ipfs/go-ipfs-chunker v0.0.5/go.mod h1:jhgdF8vxRHycr00k13FM8Y0E+6BoalYeobXmUyTreP8=
github.com/ipfs/go-ipfs-cmds v0.1.4 h1:l5QAc1iaoMZeBd2vpanrHWs26haEBL4PVqgoHJNG2GE=
github.com/ipfs/go-ipfs-cmds v0.1.4/go.mod h1:wm+C6M8FYDcWPU/EdWqMuHvdyWborFh+GuDl6Ov6sM0=
github.com/ipfs/go-ipfs-config v0.3.0 h1:fGs3JBqB9ia/Joi8up47uiKn150EOEqqVFwv8HZqXao=
github.com/ipfs/go-ipfs-config v0.3.0/go.mod h1:nSLCFtlaL+2rbl3F+9D4gQZQbT1LjRKx7TJg/IHz6oM=
github.com/ipfs/go-ipfs-config v0.4.0 h1:MOXdj8EYQG55v1y+5e1QcctDKPEGobdwnXaDVa0/cc0=
github.com/ipfs/go-ipfs-config v0.4.0/go.mod h1:nSLCFtlaL+2rbl3F+9D4gQZQbT1LjRKx7TJg/IHz6oM=
github.com/ipfs/go-ipfs-delay v0.0.0-20181109222059-70721b86a9a8/go.mod h1:8SP1YXK1M1kXuc4KJZINY3TQQ03J2rwBG9QfXmbRPrw=
github.com/ipfs/go-ipfs-delay v0.0.1 h1:r/UXYyRcddO6thwOnhiznIAiSvxMECGgtv35Xs1IeRQ=
github.com/ipfs/go-ipfs-delay v0.0.1/go.mod h1:8SP1YXK1M1kXuc4KJZINY3TQQ03J2rwBG9QfXmbRPrw=
Expand Down

0 comments on commit 643acab

Please sign in to comment.