grpc-go: advancedtls: unable to configure TLS config

grpc/credentials/tls.go provides a function which takes a *tls.Config and returns TransportCredentials. This allows the server to configure some important TLS attributes such as MinVersion and CipherSuites.

I am now looking to use advancedtls to give CRL capabilities; however, the config field here is private and created only by the NewServerCreds function. Following how this config is made, I do not see any way to configure these fields in the advancedtls tls.Config field.

I think it would be good to have this exposed or have a function which takes this as a parameter.

About this issue

  • State: open
  • Created 2 years ago
  • Comments: 17 (12 by maintainers)

Most upvoted comments

+1 on supporting some important TLS attributes such as MinVersion and CipherSuites

Hiding configurable attributes in an ‘advanced’ package seems like an odd way to go about things. Seems like it should be the opposite where the advanced package gives enhanced customizability which most users don’t need.

ClientAuth is also used by me; in particular, I set tls.RequireAndVerifyClientCert, which the advancedtls package actually downgrades to tls.RequireAnyClientCert, which breaks TLSInfo.State.VerifiedChains.
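
An added example, not part of the thread and not grpc-go code: a standard-library check over the three tls.Config fields raised above (MinVersion, CipherSuites, ClientAuth), usable on a config before it is handed to a credentials constructor. The names `auditServerTLS`, `wantMTLS`, `weakCfg` and `hardenedCfg` are hypothetical, and the two sample configs are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// auditServerTLS (hypothetical helper) reports weak settings in the fields
// discussed in this thread. wantMTLS says whether clients must be authenticated.
func auditServerTLS(cfg *tls.Config, wantMTLS bool) []string {
	var findings []string
	switch {
	case cfg.MinVersion == 0:
		findings = append(findings, "MinVersion unset: floor depends on the Go release default")
	case cfg.MinVersion < tls.VersionTLS12:
		findings = append(findings, fmt.Sprintf("MinVersion %#x is below TLS 1.2", cfg.MinVersion))
	}
	insecure := map[uint16]bool{}
	for _, s := range tls.InsecureCipherSuites() {
		insecure[s.ID] = true
	}
	for _, id := range cfg.CipherSuites { // a nil list means Go's defaults are used
		if insecure[id] {
			findings = append(findings, "insecure cipher suite: "+tls.CipherSuiteName(id))
		}
	}
	// RequireAnyClientCert and weaker modes skip chain verification in crypto/tls,
	// so ConnectionState.VerifiedChains stays empty; VerifyClientCertIfGiven lets
	// a client omit its certificate altogether.
	if wantMTLS && cfg.ClientAuth != tls.RequireAndVerifyClientCert {
		findings = append(findings, "ClientAuth is "+cfg.ClientAuth.String()+", not RequireAndVerifyClientCert")
	}
	return findings
}

// Constructed sample configs (not taken from the issue).
var weakCfg = &tls.Config{MinVersion: tls.VersionTLS10, ClientAuth: tls.RequireAnyClientCert,
	CipherSuites: []uint16{tls.TLS_RSA_WITH_RC4_128_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}}
var hardenedCfg = &tls.Config{MinVersion: tls.VersionTLS12, ClientAuth: tls.RequireAndVerifyClientCert,
	CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}}

func main() {
	fmt.Println(auditServerTLS(weakCfg, true))
	fmt.Println(auditServerTLS(hardenedCfg, true))
}
```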