Skip to content

Commit

Permalink
Changed option naming, removed obsolete versions.
Browse files Browse the repository at this point in the history
Signed-off-by: Tero Saarni <[email protected]>
  • Loading branch information
tsaarni committed Jan 24, 2023
1 parent 1cb7a53 commit 3f3e622
Show file tree
Hide file tree
Showing 6 changed files with 16 additions and 20 deletions.
2 changes: 0 additions & 2 deletions client/pkg/tlsutil/versions.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,6 @@ import (
// tlsVersions is a map of TLS version string to the value of tls.Config.Min/MaxVersion.
var tlsVersions = map[string]uint16{
"": 0, // If version was not given use 0 (uninitialized version) to let Go decide.
"TLS10": tls.VersionTLS10,
"TLS11": tls.VersionTLS11,
"TLS12": tls.VersionTLS12,
"TLS13": tls.VersionTLS13,
}
Expand Down
2 changes: 0 additions & 2 deletions client/pkg/tlsutil/versions_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,6 @@ import (
func TestGetVersion_success(t *testing.T) {
versions := map[string]uint16{
"": 0,
"TLS10": tls.VersionTLS10,
"TLS11": tls.VersionTLS11,
"TLS12": tls.VersionTLS12,
"TLS13": tls.VersionTLS13,
}
Expand Down
4 changes: 2 additions & 2 deletions server/embed/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -227,9 +227,9 @@ type Config struct {
CipherSuites []string `json:"cipher-suites"`

// MinVersion is the minimum accepted TLS version between client/server and peers.
MinVersion string `json:"min-tls-version"`
MinVersion string `json:"tls-min-version"`
// MaxVersion is the maximum accepted TLS version between client/server and peers.
MaxVersion string `json:"max-tls-version"`
MaxVersion string `json:"tls-max-version"`

ClusterState string `json:"initial-cluster-state"`
DNSCluster string `json:"discovery-srv"`
Expand Down
16 changes: 8 additions & 8 deletions server/embed/config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -442,9 +442,9 @@ func TestTLSVersionMinMax(t *testing.T) {
{
name: "Minimum TLS version is set",
config: Config{
MinVersion: "TLS10",
MinVersion: "TLS13",
},
expectedMinTLSVersion: tls.VersionTLS10,
expectedMinTLSVersion: tls.VersionTLS13,
expectedMaxTLSVersion: 0,
},
{
Expand All @@ -458,17 +458,17 @@ func TestTLSVersionMinMax(t *testing.T) {
{
name: "Minimum and Maximum TLS versions are set",
config: Config{
MinVersion: "TLS10",
MaxVersion: "TLS12",
MinVersion: "TLS13",
MaxVersion: "TLS13",
},
expectedMinTLSVersion: tls.VersionTLS10,
expectedMaxTLSVersion: tls.VersionTLS12,
expectedMinTLSVersion: tls.VersionTLS13,
expectedMaxTLSVersion: tls.VersionTLS13,
},
{
name: "Minimum and Maximum TLS versions are set in reverse order",
config: Config{
MinVersion: "TLS12",
MaxVersion: "TLS10",
MinVersion: "TLS13",
MaxVersion: "TLS12",
},
expectError: true,
},
Expand Down
4 changes: 2 additions & 2 deletions server/etcdmain/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -215,8 +215,8 @@ func newConfig() *config {
fs.StringVar(&cfg.ec.PeerTLSInfo.AllowedHostname, "peer-cert-allowed-hostname", "", "Allowed TLS hostname for inter peer authentication.")
fs.Var(flags.NewStringsValue(""), "cipher-suites", "Comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).")
fs.BoolVar(&cfg.ec.PeerTLSInfo.SkipClientSANVerify, "experimental-peer-skip-client-san-verification", false, "Skip verification of SAN field in client certificate for peer connections.")
fs.StringVar(&cfg.ec.MinVersion, "min-tls-version", "TLS12", "Minimum TLS version supported for peer and client connections. Possible values: TLS10, TLS11, TLS12, TLS13.")
fs.StringVar(&cfg.ec.MaxVersion, "max-tls-version", "", "Maximum TLS version supported for peer and client connections. Possible values: TLS10, TLS11, TLS12, TLS13 (empty will be auto-populated by Go).")
fs.StringVar(&cfg.ec.MinVersion, "tls-min-version", "TLS12", "Minimum TLS version supported for peer and client connections. Possible values: TLS12, TLS13.")
fs.StringVar(&cfg.ec.MaxVersion, "tls-max-version", "", "Maximum TLS version supported for peer and client connections. Possible values: TLS12, TLS13 (empty will be auto-populated by Go).")

fs.Var(
flags.NewUniqueURLsWithExceptions("*", "*"),
Expand Down
8 changes: 4 additions & 4 deletions server/etcdmain/help.go
Original file line number Diff line number Diff line change
Expand Up @@ -199,10 +199,10 @@ Security:
Comma-separated whitelist of origins for CORS, or cross-origin resource sharing, (empty or * means allow all).
--host-whitelist '*'
Acceptable hostnames from HTTP client requests, if server is not secure (empty or * means allow all).
--min-tls-version 'TLS12'
Minimum TLS version supported for client and peer connections. Possible values: TLS10, TLS11, TLS12, TLS13.
--max-tls-version ''
Maximum TLS version supported for client ane peer connections. Possible values: TLS10, TLS11, TLS12, TLS13 (empty will be auto-populated by Go).
--tls-min-version 'TLS12'
Minimum TLS version supported for client and peer connections. Possible values: TLS12, TLS13.
--tls-max-version ''
Maximum TLS version supported for client ane peer connections. Possible values: TLS12, TLS13 (empty will be auto-populated by Go).
Auth:
--auth-token 'simple'
Expand Down

0 comments on commit 3f3e622

Please sign in to comment.