feat: tls by default

Stebalien · Stebalien · commit f28b8fce66ea · 2020-03-29T19:12:54.000-07:00
Switches to TLS as the default security transports.
diff --git a/core/node/groups.go b/core/node/groups.go
@@ -102,7 +102,7 @@ func LibP2P(bcfg *BuildCfg, cfg *config.Config) fx.Option {
 		fx.Invoke(libp2p.StartListening(cfg.Addresses.Swarm)),
 		fx.Invoke(libp2p.SetupDiscovery(cfg.Discovery.MDNS.Enabled, cfg.Discovery.MDNS.Interval)),
 
-		fx.Provide(libp2p.Security(!bcfg.DisableEncryptedConnections, cfg.Experimental.PreferTLS)),
+		fx.Provide(libp2p.Security(!bcfg.DisableEncryptedConnections)),
 
 		fx.Provide(libp2p.Routing),
 		fx.Provide(libp2p.BaseRouting),
diff --git a/core/node/libp2p/transport.go b/core/node/libp2p/transport.go
@@ -11,7 +11,7 @@ import (
 var DefaultTransports = simpleOpt(libp2p.DefaultTransports)
 var QUIC = simpleOpt(libp2p.Transport(libp2pquic.NewTransport))
 
-func Security(enabled, preferTLS bool) interface{} {
+func Security(enabled bool) interface{} {
 	if !enabled {
 		return func() (opts Libp2pOpts) {
 			// TODO: shouldn't this be Errorf to guarantee visibility?
@@ -22,11 +22,7 @@ func Security(enabled, preferTLS bool) interface{} {
 		}
 	}
 	return func() (opts Libp2pOpts) {
-		if preferTLS {
-			opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))
-		} else {
-			opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(secio.ID, secio.New), libp2p.Security(tls.ID, tls.New)))
-		}
+		opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))
 		return opts
 	}
 }
diff --git a/docs/examples/library-experimental-features/README.md b/docs/examples/library-experimental-features/README.md
@@ -58,8 +58,6 @@ func createTempRepo(ctx context.Context) (string, error) {
 	cfg.Experimental.P2pHttpProxy = true
 	// https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#quic
 	cfg.Experimental.QUIC = true
-	// https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#tls-13-as-default-handshake-protocol
-	cfg.Experimental.PreferTLS = true
 	// https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#strategic-providing
 	cfg.Experimental.StrategicProviding = true
 
diff --git a/docs/experimental-features.md b/docs/experimental-features.md
@@ -632,7 +632,7 @@ For listening on a QUIC address, add it the swarm addresses, e.g. `/ip4/0.0.0.0/
 
 ### In Version
 
-0.4.19-dev
+0.4.19
 
 ### State
 
@@ -660,26 +660,14 @@ ipfs config --json Swarm.EnableAutoNATService true
 
 ## TLS 1.3 as default handshake protocol
 
-### State
-
-Every go-ipfs node (>=0.4.21) accepts secio and TLS 1.3 connections but prefers
-secio over TLS when dialing. To prefer TLS when dialing, you'll have to enable
-this feature.
-
-### How to enable
+### In Version
 
-Modify your ipfs config:
+0.5.0
 
-```
-ipfs config --json Experimental.PreferTLS true
-```
-
-### Road to being a real feature
+### State
 
-- [ ] needs testing
-- [ ] needs adoption
+Stable
 
----
 
 ## Strategic Providing
 
diff --git a/go.mod b/go.mod
@@ -31,7 +31,7 @@ require (
 	github.com/ipfs/go-ipfs-blockstore v0.1.4
 	github.com/ipfs/go-ipfs-chunker v0.0.5
 	github.com/ipfs/go-ipfs-cmds v0.1.4
-	github.com/ipfs/go-ipfs-config v0.3.0
+	github.com/ipfs/go-ipfs-config v0.4.0
 	github.com/ipfs/go-ipfs-ds-help v0.1.1
 	github.com/ipfs/go-ipfs-exchange-interface v0.0.1
 	github.com/ipfs/go-ipfs-exchange-offline v0.0.1
diff --git a/go.sum b/go.sum
@@ -246,8 +246,8 @@ github.com/ipfs/go-ipfs-chunker v0.0.5 h1:ojCf7HV/m+uS2vhUGWcogIIxiO5ubl5O57Q7Na
 github.com/ipfs/go-ipfs-chunker v0.0.5/go.mod h1:jhgdF8vxRHycr00k13FM8Y0E+6BoalYeobXmUyTreP8=
 github.com/ipfs/go-ipfs-cmds v0.1.4 h1:l5QAc1iaoMZeBd2vpanrHWs26haEBL4PVqgoHJNG2GE=
 github.com/ipfs/go-ipfs-cmds v0.1.4/go.mod h1:wm+C6M8FYDcWPU/EdWqMuHvdyWborFh+GuDl6Ov6sM0=
-github.com/ipfs/go-ipfs-config v0.3.0 h1:fGs3JBqB9ia/Joi8up47uiKn150EOEqqVFwv8HZqXao=
-github.com/ipfs/go-ipfs-config v0.3.0/go.mod h1:nSLCFtlaL+2rbl3F+9D4gQZQbT1LjRKx7TJg/IHz6oM=
+github.com/ipfs/go-ipfs-config v0.4.0 h1:MOXdj8EYQG55v1y+5e1QcctDKPEGobdwnXaDVa0/cc0=
+github.com/ipfs/go-ipfs-config v0.4.0/go.mod h1:nSLCFtlaL+2rbl3F+9D4gQZQbT1LjRKx7TJg/IHz6oM=
 github.com/ipfs/go-ipfs-delay v0.0.0-20181109222059-70721b86a9a8/go.mod h1:8SP1YXK1M1kXuc4KJZINY3TQQ03J2rwBG9QfXmbRPrw=
 github.com/ipfs/go-ipfs-delay v0.0.1 h1:r/UXYyRcddO6thwOnhiznIAiSvxMECGgtv35Xs1IeRQ=
 github.com/ipfs/go-ipfs-delay v0.0.1/go.mod h1:8SP1YXK1M1kXuc4KJZINY3TQQ03J2rwBG9QfXmbRPrw=

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ import (`
`11`	`11`	`var DefaultTransports = simpleOpt(libp2p.DefaultTransports)`
`12`	`12`	`var QUIC = simpleOpt(libp2p.Transport(libp2pquic.NewTransport))`
`13`	`13`
`14`		`-func Security(enabled, preferTLS bool) interface{} {`
	`14`	`+func Security(enabled bool) interface{} {`
`15`	`15`	`if !enabled {`
`16`	`16`	`return func() (opts Libp2pOpts) {`
`17`	`17`	`// TODO: shouldn't this be Errorf to guarantee visibility?`
`@@ -22,11 +22,7 @@ func Security(enabled, preferTLS bool) interface{} {`
`22`	`22`	`}`
`23`	`23`	`}`
`24`	`24`	`return func() (opts Libp2pOpts) {`
`25`		`- if preferTLS {`
`26`		`- opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))`
`27`		`- } else {`
`28`		`- opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(secio.ID, secio.New), libp2p.Security(tls.ID, tls.New)))`
`29`		`- }`
	`25`	`+ opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))`
`30`	`26`	`return opts`
`31`	`27`	`}`
`32`	`28`	`}`
-Original file line number
+Diff line change
 	github.com/ipfs/go-ipfs-blockstore v0.1.4
 	github.com/ipfs/go-ipfs-chunker v0.0.5
 	github.com/ipfs/go-ipfs-cmds v0.1.4
 -	github.com/ipfs/go-ipfs-config v0.3.0
 +	github.com/ipfs/go-ipfs-config v0.4.0
 	github.com/ipfs/go-ipfs-ds-help v0.1.1
 	github.com/ipfs/go-ipfs-exchange-interface v0.0.1
 	github.com/ipfs/go-ipfs-exchange-offline v0.0.1