Go 1.5 migration #3454
Merged
joshblakeley
reviewed
Feb 6, 2021
Go 1.4 introduced TLS 1.3 by default, which we can't do since a lot of our clients depend on 1.2. For example one of 1.3 breaking "features" is inability to explicitly set TLS ciphers (in 1.3 they should be picked automatically), and a lot of enterprises depend on it. In order to make it non breaking change I added new MaxSSLVersion attributes to all needed sections, so by default 1.2 will be used everywhere. Additionally fixed a bunch of tests (not related to 1.5 change from what I see). All the vendoring removed as well!
buger
added a commit
that referenced
this pull request
Feb 19, 2021
Go 1.4 introduced TLS 1.3 by default, which we can't do since a lot of our clients depend on 1.2.
In order to disable 1.3 Go added new `MaxVersion` option to `tls.Config` structure.

For example one of 1.3 breaking "features" is the inability to explicitly set TLS ciphers (in 1.3 they should be picked automatically), and a lot of enterprises depend on it.

In order to make it non-breaking change I added new max SSL version attributes to all needed sections (everywhere where there is min version), and it is set to 1.2 by default.

New config fields:
`http_server_options.max_version`
`proxy_ssl_max_version`

Api definition fields:
`proxy.transport.ssl_max_version`

Additionally, fixed a bunch of tests (not related to 1.5 change from what I see).

All the vendoring removed as well!

As part of QA we need to ensure that all outbound and inbound Gateway calls use TLS 1.2, which includes:
- [ ] Uptime tests
- [ ] JSVM HTTP calls
- [ ] Batch API
- [ ] Reverse proxy
- [ ] Gateway -> Dashboard communication
- [ ] Gateway -> MDCB communication
- [ ] UDG GraphQL and JSON data sources

<!-- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [ ] Refactoring or add test (improvements in base code or adds test coverage to functionality)

<!-- Go over all the following points, and put an `x` in all the boxes that apply -->
<!-- If you're unsure about any of these, don't hesitate to ask; we're here to help! -->
- [x] Make sure you are requesting to **pull a topic/feature/bugfix branch** (right side). If pulling from your own fork, don't request your `master`!
- [x] Make sure you are making a pull request against the **`master` branch** (left side). Also, you should start *your branch* off *our latest `master`*.
- [x] My change requires a change to the documentation.
- [ ] If you've changed APIs, describe what needs to be updated in the documentation.
- [ ] If new config option added, ensure that it can be set via ENV variable
- [ ] I have updated the documentation accordingly.
- [x] Modules and vendor dependencies have been updated; run `go mod tidy && go mod vendor`
- [ ] When updating library version must provide reason/explanation for this update.
- [x] I have added tests to cover my changes.
- [x] All new and existing tests passed.
- [x] Check your code additions will not fail linting checks:
- [x] `go fmt -s`
- [x] `go vet`
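The effect of capping `MaxVersion` in `tls.Config`, as an added example that is not code from this pull request: a loopback server is started with and without the cap, and the negotiated version and cipher suite are read back from the client side, which is the kind of check the QA list above asks for. The function `handshake` and the constant `pinnedSuite` are hypothetical names, and the certificate is the one built into Go's `httptest` package.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Cipher suite pinned on the server for the demonstration (constructed choice).
const pinnedSuite = tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

// handshake starts a loopback HTTPS server capped at serverMax (0 means Go's
// default, which allows TLS 1.3), connects with a client that requires at
// least clientMin, and returns the negotiated connection state.
func handshake(serverMax, clientMin uint16) (*tls.ConnectionState, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusNoContent) }))
	srv.TLS = &tls.Config{
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   serverMax,
		CipherSuites: []uint16{pinnedSuite}, // only honoured up to TLS 1.2
	}
	srv.StartTLS()
	defer srv.Close()

	client := srv.Client() // trusts the test server's built-in certificate
	client.Transport.(*http.Transport).TLSClientConfig.MinVersion = clientMin
	resp, err := client.Get(srv.URL)
	if err != nil {
		return nil, err // e.g. no protocol version in common
	}
	defer resp.Body.Close()
	return resp.TLS, nil
}

func main() {
	for _, limit := range []uint16{0, tls.VersionTLS12} {
		st, err := handshake(limit, tls.VersionTLS12)
		if err != nil {
			fmt.Println("handshake failed:", err)
			continue
		}
		fmt.Printf("server MaxVersion=%#x -> negotiated %#x, suite %s (pinned suite used: %v)\n",
			limit, st.Version, tls.CipherSuiteName(st.CipherSuite), st.CipherSuite == pinnedSuite)
	}
	_, err := handshake(tls.VersionTLS12, tls.VersionTLS13)
	fmt.Println("TLS 1.3-only client against capped server:", err)
}
```

The last call shows the compatibility cost of the cap: a peer that refuses anything below TLS 1.3 cannot connect to a listener limited to 1.2.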
buger
added a commit
that referenced
this pull request
Mar 10, 2021