crypto/tls: change default minimum version to 1.2

Updates the default from 1.0 -> 1.2 for servers, bringing it in line with clients. Add a GODEBUG setting, tls10server, which lets users revert this change. Fixes #62459 Change-Id: I2b82f85b1c2d527df1f9afefae4ab30a8f0ceb41 Reviewed-on: https://go-review.googlesource.com/c/go/+/541516 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
2025-12-08 06:10:04 +00:00 · 2023-11-10 10:12:48 -08:00 · 2023-11-10 10:12:48 -08:00 · 362bf4fc6d
commit 362bf4fc6d
parent e7d582b55d
6 changed files with 36 additions and 20 deletions
--- a/src/internal/godebugs/table.go
+++ b/src/internal/godebugs/table.go
@ -45,6 +45,7 @@ var All = []Info{
 	{Name: "panicnil", Package: "runtime", Changed: 21, Old: "1"},
 	{Name: "randautoseed", Package: "math/rand"},
 	{Name: "tarinsecurepath", Package: "archive/tar"},
+	{Name: "tls10server", Package: "crypto/tls", Changed: 22, Old: "1"},
 	{Name: "tlsmaxrsasize", Package: "crypto/tls"},
 	{Name: "x509sha1", Package: "crypto/x509"},
 	{Name: "x509usefallbackroots", Package: "crypto/x509"},