Following go1.18 TLS changes
32 views
Skip to first unread message
Julien Pivotto
Apr 19, 2022, 11:11:05 AM4/19/22
to prometheus-developers
Dear developers
Go1.18 changes the default minimum TLS version for the client to TLSv1.2.
Prometheus 2.35 will be built with Go1.18.
I am introducing a setting for users that might be broken by
this upstreamchange:
tls_config:
min_version: TLS10
(TLS10 comes from the way we specify TLS versions in the Exporter
toolkit, which comes from go/crypto variable names).
https://github.com/prometheus/common/pull/375
I am not more clever than the go team in deciding which should be the
default TLS version, and I strongly think that as an industry we need to
move to TLS1.2+. Therefore I plan to leave the go runtime defaults.
Affected users can also set GODEBUG=tls10default=1 for go1.18 to revert this
change temporarily (this workaround will be removed in go1.19).
Regards,
--
Julien Pivotto
@roidelapluie
Go1.18 changes the default minimum TLS version for the client to TLSv1.2.
Prometheus 2.35 will be built with Go1.18.
I am introducing a setting for users that might be broken by
this upstreamchange:
tls_config:
min_version: TLS10
(TLS10 comes from the way we specify TLS versions in the Exporter
toolkit, which comes from go/crypto variable names).
https://github.com/prometheus/common/pull/375
I am not more clever than the go team in deciding which should be the
default TLS version, and I strongly think that as an industry we need to
move to TLS1.2+. Therefore I plan to leave the go runtime defaults.
Affected users can also set GODEBUG=tls10default=1 for go1.18 to revert this
change temporarily (this workaround will be removed in go1.19).
Regards,
--
Julien Pivotto
@roidelapluie
Reply all
Reply to author
Forward
0 new messages