Add a new property to SecurityContext
to control the minimum TLS version like:
abstract interface class SecurityContext { ... /// The minimum TLS version to use when establishing a secure connection. /// /// If the value is changed, it will only affect new connections. Existing /// connections will continue to use the protocol that was negotiated with the /// peer. abstract TlsProtocolVersion minimumTlsProtocolVersion; };
Allows the developer to refuse TLS connections that aren't sufficiently secure.
See #54901
All classes that implements SecurityContext
(without extends Mock or equivalent noSuchMethod implementation) will need to be updated.
A search on Github finds one such instance outside of the Dart SDK.
Developers implementing SecurityContext
must add the minimumTlsProtocolVersion
field.
N/A
API POC PR: https://dart-review.googlesource.com/c/sdk/+/365664