Breaking change: 55679

57 views

Skip to first unread message

Brian Quinlan

unread,

May 9, 2024, 4:51:08 PMMay 9

to anno...@dartlang.org

Discussion at:

https://github.com/dart-lang/sdk/issues/55679

Change Intent

Add a new property to SecurityContext to control the minimum TLS version like:

abstract interface class SecurityContext {
  ...
  /// The minimum TLS version to use when establishing a secure connection.
  ///
  /// If the value is changed, it will only affect new connections. Existing
  /// connections will continue to use the protocol that was negotiated with the
  /// peer.
  abstract TlsProtocolVersion minimumTlsProtocolVersion;
};

Justification

Allows the developer to refuse TLS connections that aren't sufficiently secure.

See #54901

Impact

All classes that implements SecurityContext (without extends Mock or equivalent noSuchMethod implementation) will need to be updated.

A search on Github finds one such instance outside of the Dart SDK.

Mitigation

Developers implementing SecurityContext must add the minimumTlsProtocolVersion field.

Change Timeline

N/A

Associated CLs

API POC PR: https://dart-review.googlesource.com/c/sdk/+/365664

Reply all

Reply to author

Forward

0 new messages