Change in dart/sdk[master]: Switch to TLS 1.2 as minimum requirement according to https://tools.i…

Copybara Prod (Gerrit)

unread,

Mar 21, 2020, 9:51:05 AM3/21/20

to rev...@dartlang.org

Copybara Prod has uploaded this change for review.

Switch to TLS 1.2 as minimum requirement according to https://tools.i…

…etf.org/id/draft-ietf-tls-oldversions-deprecate-06.txt

Closes https://github.com/dart-lang/sdk/pull/41135
https://github.com/dart-lang/sdk/pull/41135

GitOrigin-RevId: 8eec9354bc88881d405d78992ac05a77cbbc6929
Change-Id: Ic8340eee7fa26846302727672ca7989ce1e93c99
---
M runtime/bin/security_context.cc
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/runtime/bin/security_context.cc b/runtime/bin/security_context.cc
index 5d649df..6c72825 100644
--- a/runtime/bin/security_context.cc
+++ b/runtime/bin/security_context.cc
@@ -805,7 +805,7 @@
   SSLFilter::InitializeLibrary();
   SSL_CTX* ctx = SSL_CTX_new(TLS_method());
   SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLCertContext::CertificateCallback);
-  SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
+  SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
   SSL_CTX_set_cipher_list(ctx, "HIGH:MEDIUM");
   SSLCertContext* context = new SSLCertContext(ctx);
   Dart_Handle err = SetSecurityContext(args, context);

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Ben Konyi (Gerrit)

unread,

Mar 24, 2020, 7:56:20 PM3/24/20

to Copybara Prod, rev...@dartlang.org, Ryan Macnak, Siva Annamalai

This change looks simple enough but I'm going to loop in a couple of team members to confirm there's no issue with this. Thanks!

Patch set 1:Commit-Queue +1

View Change

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Siva Annamalai (Gerrit)

unread,

Mar 24, 2020, 8:07:19 PM3/24/20

to Copybara Prod, rev...@dartlang.org, commi...@chromium.org, Ryan Macnak, Ben Konyi

Would this be a breaking change in Fuchsia ?

Patch set 1:Code-Review +1

View Change

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Ryan Macnak (Gerrit)

unread,

Mar 24, 2020, 8:11:56 PM3/24/20

to Copybara Prod, Ben Konyi, Siva Annamalai, rev...@dartlang.org, commi...@chromium.org

Ryan Macnak uploaded patch set #2 to the change originally created by Copybara Prod.

View Change

Switch to TLS 1.2 as minimum requirement according to https://tools.ietf.org/id/draft-ietf-tls-oldversions-deprecate-06.txt



Closes https://github.com/dart-lang/sdk/pull/41135
https://github.com/dart-lang/sdk/pull/41135

GitOrigin-RevId: 8eec9354bc88881d405d78992ac05a77cbbc6929
Change-Id: Ic8340eee7fa26846302727672ca7989ce1e93c99
---
M runtime/bin/security_context.cc
1 file changed, 1 insertion(+), 1 deletion(-)

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Ryan Macnak (Gerrit)

unread,

Mar 24, 2020, 8:14:33 PM3/24/20

to Copybara Prod, rev...@dartlang.org, Jonas Termansen, Zichang Guo, Siva Annamalai, commi...@chromium.org, Ben Konyi

This warrants a CHANGELOG entry at least.

View Change

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Jonas Termansen (Gerrit)

unread,

Mar 25, 2020, 11:43:44 AM3/25/20

to Ryan Macnak, Loganaden Velvindron, Copybara Prod, rev...@dartlang.org, Zichang Guo, Siva Annamalai, commi...@chromium.org, Ben Konyi

I'm a fan of this change, in principle. I'm unclear about the exact impact, so we must not merge this until we know for sure.

We'll want to send this through the breaking change policy. It's very likely Flutter customers will run into issues with servers outside of their control. We have a social responsibility to push internet security forward so some amount of breakage should be tolerated. Chrome's plan is to remove TLS 1.0 and TLS 1.1 in the imminent Chrome 81 release <https://www.chromestatus.com/feature/5759116003770368>. We may want to synchronize with their timetable, then there would be less confusion from our customers if the page doesn't load in Chrome in the first place. On the other hand, right now such pages are loaded as Not Secure.

We'll want to do a G3 global presubmit. If any servers don't speak TLS 1.2, it could be a significant breakage if we're not ready.

View Change

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Copybara Prod (Gerrit)

unread,

Mar 30, 2020, 1:46:37 PM3/30/20

to Loganaden Velvindron, Jonas Termansen, Zichang Guo, Ben Konyi, Siva Annamalai, rev...@dartlang.org, commi...@chromium.org

Copybara Prod uploaded patch set #3 to this change.

View Change

Switch to TLS 1.2 as minimum requirement

According to https://tools.ietf.org/id/draft-ietf-tls-oldversions-deprecate-06.txt



Closes https://github.com/dart-lang/sdk/pull/41135
https://github.com/dart-lang/sdk/pull/41135

GitOrigin-RevId: e1dc037c1e22996b2085e3d16427525c033bdc01


Change-Id: Ic8340eee7fa26846302727672ca7989ce1e93c99
---
M runtime/bin/security_context.cc
1 file changed, 1 insertion(+), 1 deletion(-)

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Michael Thomsen (Gerrit)

unread,

Jun 3, 2020, 11:08:27 AM6/3/20

to Loganaden Velvindron, Copybara Prod, rev...@dartlang.org, Jonas Termansen, Zichang Guo, Siva Annamalai, commi...@chromium.org, Ben Konyi

I someone moving this forward?

View Change

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Siva Annamalai (Gerrit)

unread,

Jun 15, 2020, 11:25:32 AM6/15/20

to Loganaden Velvindron, Copybara Prod, rev...@dartlang.org, Michael Thomsen, Jonas Termansen, Zichang Guo, commi...@chromium.org, Ben Konyi

Patch Set 3:

I someone moving this forward?

I see three tasks that need to be completed before this lands

see if need to go through the breaking change policy for this change
see if there are any google3 impact because of this CL by doing a G3 global presubmit run
see if any of the Flutter customers would get impacted by this change.

I can shepherd this process and will need help from mit@ for the first one (breaking change), davidmorgan@ for the second one (G3 presubmit) and zra@ for the third one.

View Change

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Jonas Termansen (Gerrit)

unread,

Jun 15, 2020, 3:03:36 PM6/15/20

to Loganaden Velvindron, Copybara Prod, rev...@dartlang.org, Michael Thomsen, Zichang Guo, Siva Annamalai, commi...@chromium.org, Ben Konyi

Sounds good. Chrome will also be making a similar change in the upcoming 84 release <https://www.chromestatus.com/feature/5759116003770368>.

View Change

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Siva Annamalai (Gerrit)

unread,

Aug 10, 2021, 6:50:33 PM8/10/21

to Copybara Prod, rev...@dartlang.org, Jonas Termansen, Michael Thomsen, commi...@chromium.org, Ben Konyi

Patch set 3:Code-Review +1

View Change

1 comment:

Patchset:
- Patch Set #3:
  Step 1 : Breaking change request has been filed here https://github.com/dart-lang/sdk/issues/46875

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Michael Thomsen (Gerrit)

unread,

Sep 29, 2021, 11:07:44 AM9/29/21

to Copybara Prod, rev...@dartlang.org, Ivan Inozemtsev, Jonas Termansen, Siva Annamalai, commi...@chromium.org, Ben Konyi

View Change

1 comment:

Patchset:
- Patch Set #3:
  What is the status of this CL?

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Siva Annamalai (Gerrit)

unread,

Oct 1, 2021, 2:35:12 PM10/1/21

to Copybara Prod, rev...@dartlang.org, Ivan Inozemtsev, Jonas Termansen, Michael Thomsen, commi...@chromium.org, Ben Konyi

Attention is currently required from: Michael Thomsen.

View Change

1 comment:

Patchset:

- Patch Set #3:
  What is the status of this CL?

- We have the breaking change request reviewed and approved, the CL is ready to land.

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Michael Thomsen (Gerrit)

unread,

Oct 4, 2021, 5:00:04 AM10/4/21

to Copybara Prod, rev...@dartlang.org, Ivan Inozemtsev, Jonas Termansen, Siva Annamalai, commi...@chromium.org, Ben Konyi

Patch set 3:Commit-Queue +2

View Change

1 comment:

Patchset:
- Patch Set #3:
  We have the breaking change request reviewed and approved, the CL is ready to land.
  Thanks, I'll merge this now!

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Michael Thomsen (Gerrit)

unread,

Oct 4, 2021, 5:04:16 AM10/4/21

to Copybara Prod, rev...@dartlang.org

Attention is currently required from: Michael Thomsen.

Michael Thomsen uploaded patch set #4 to the change originally created by Copybara Prod.

View Change

Switch to TLS 1.2 as minimum requirement

According to https://tools.ietf.org/id/draft-ietf-tls-oldversions-deprecate-06.txt

TEST=Not applicable, config change.



Closes https://github.com/dart-lang/sdk/pull/41135
https://github.com/dart-lang/sdk/pull/41135

GitOrigin-RevId: e1dc037c1e22996b2085e3d16427525c033bdc01


Change-Id: Ic8340eee7fa26846302727672ca7989ce1e93c99
---
M runtime/bin/security_context.cc

1 file changed, 18 insertions(+), 1 deletion(-)

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Michael Thomsen (Gerrit)

unread,

Oct 4, 2021, 5:04:26 AM10/4/21

to Copybara Prod, rev...@dartlang.org, Ivan Inozemtsev, Jonas Termansen, Siva Annamalai, commi...@chromium.org, Ben Konyi

Attention is currently required from: Michael Thomsen.

Patch set 4:Commit-Queue +2

View Change

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

commit-bot@chromium.org (Gerrit)

unread,

Oct 4, 2021, 5:51:46 AM10/4/21

to Copybara Prod, rev...@dartlang.org, Michael Thomsen, Ivan Inozemtsev, Jonas Termansen, Siva Annamalai, Ben Konyi

commi...@chromium.org submitted this change.

View Change



3 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one.

Approvals:
  Siva Annamalai: Looks good to me, approved
  Michael Thomsen: Commit

Switch to TLS 1.2 as minimum requirement

According to https://tools.ietf.org/id/draft-ietf-tls-oldversions-deprecate-06.txt

TEST=Not applicable, config change.

Closes https://github.com/dart-lang/sdk/pull/41135
https://github.com/dart-lang/sdk/pull/41135

GitOrigin-RevId: e1dc037c1e22996b2085e3d16427525c033bdc01
Change-Id: Ic8340eee7fa26846302727672ca7989ce1e93c99
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/140481
Commit-Queue: Michael Thomsen <m...@google.com>
Reviewed-by: Siva Annamalai <as...@google.com>
---
M runtime/bin/security_context.cc
1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/runtime/bin/security_context.cc b/runtime/bin/security_context.cc
index d2cd927..ee431c8 100644
--- a/runtime/bin/security_context.cc
+++ b/runtime/bin/security_context.cc
@@ -807,7 +807,7 @@


   SSLFilter::InitializeLibrary();
   SSL_CTX* ctx = SSL_CTX_new(TLS_method());
   SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLCertContext::CertificateCallback);
-  SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
+  SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
   SSL_CTX_set_cipher_list(ctx, "HIGH:MEDIUM");
   SSLCertContext* context = new SSLCertContext(ctx);
   Dart_Handle err = SetSecurityContext(args, context);

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Dart CI (Gerrit)

unread,

Oct 4, 2021, 6:26:25 AM10/4/21

to commi...@chromium.org, Copybara Prod, rev...@dartlang.org, Michael Thomsen, Ivan Inozemtsev, Jonas Termansen, Siva Annamalai, Ben Konyi

go/dart-cbuild result: SUCCESS

Details: https://goto.google.com/dart-cbuild/find/8062c4cc6719f2f3f75b2b8ca4f6bcfb7b3679f0

View Change

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Michael Thomsen (Gerrit)

unread,

Oct 4, 2021, 6:28:20 AM10/4/21

to commi...@chromium.org, Copybara Prod, rev...@dartlang.org, Dart CI, Ivan Inozemtsev, Jonas Termansen, Siva Annamalai, Ben Konyi

View Change

1 comment:

Patchset:
- Patch Set #5:
  Changelog update in https://dart-review.googlesource.com/c/sdk/+/215404

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Kevin Moore (Gerrit)

unread,

Oct 4, 2021, 10:15:55 AM10/4/21

to commi...@chromium.org, Copybara Prod, rev...@dartlang.org, Dart CI, Michael Thomsen, Ivan Inozemtsev, Jonas Termansen, Siva Annamalai, Ben Konyi

View Change

1 comment:

Patchset:
- Patch Set #5:
  Is this worth a changelog entry?

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Michael Thomsen

unread,

Oct 4, 2021, 12:18:44 PM10/4/21

to change...@dart-review.googlesource.com, Commit Bot, Copybara Prod, rev...@dartlang.org, Dart CI, Ivan Inozemtsev, Jonas Termansen, Siva Annamalai, Ben Konyi

Yes, already underway and linked from the issue

Michael Thomsen (Gerrit)

unread,

Oct 4, 2021, 12:18:48 PM10/4/21

to commi...@chromium.org, Copybara Prod, rev...@dartlang.org, Kevin Moore, Dart CI, Ivan Inozemtsev, Jonas Termansen, Siva Annamalai, Ben Konyi

Yes, already underway and linked from the issue

View Change

1 comment:

Patchset:
- Patch Set #5:
  Yes, already underway and linked from the issue

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Kevin Moore

unread,

Oct 4, 2021, 12:42:44 PM10/4/21

to change...@dart-review.googlesource.com, commi...@chromium.org, Copybara Prod, rev...@dartlang.org, Dart CI, Ivan Inozemtsev, Jonas Termansen, Siva Annamalai, Ben Konyi

👍

Kevin Moore (Gerrit)

unread,

Oct 4, 2021, 12:50:56 PM10/4/21

to commi...@chromium.org, Copybara Prod, rev...@dartlang.org, Dart CI, Michael Thomsen, Ivan Inozemtsev, Jonas Termansen, Siva Annamalai, Ben Konyi

👍

View Change

1 comment:

Patchset:
- Patch Set #5:
  👍

To view, visit change 140481. To unsubscribe, or for help writing mail filters, visit settings.

Reply all

Reply to author

Forward