add an experiment to prefer TLS 1.3 over secio

License: MIT Signed-off-by: Marten Seemann <martenseemann@gmail.com>
ipfs · Apr 18, 2019 · 1a9467f · 1a9467f
1 parent 810460b
commit 1a9467f
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 1 deletion.
diff --git a/core/core.go b/core/core.go
@@ -255,7 +255,11 @@ func (n *IpfsNode) startOnlineServices(ctx context.Context, routingOption Routin
 	libp2pOpts = append(libp2pOpts, libp2p.DefaultTransports)
 
 	// enable secio and TLS
-	libp2pOpts = append(libp2pOpts, libp2p.ChainOptions(libp2p.Security(secio.ID, secio.New), libp2p.Security(tls.ID, tls.New)))
+	if cfg.Experimental.PreferTLS {
+		libp2pOpts = append(libp2pOpts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))
+	} else {
+		libp2pOpts = append(libp2pOpts, libp2p.ChainOptions(libp2p.Security(secio.ID, secio.New), libp2p.Security(tls.ID, tls.New)))
+	}
 
 	if cfg.Experimental.QUIC {
 		libp2pOpts = append(libp2pOpts, libp2p.Transport(quic.NewTransport))

diff --git a/docs/experimental-features.md b/docs/experimental-features.md
@@ -683,3 +683,22 @@ ipfs config --json Swarm.EnableAutoNATService true
 ### Road to being a real feature
 
 - [ ] needs testing
+
+
+## TLS 1.3 as default handshake protocol
+
+### State
+
+Every node accepts secio and TLS 1.3 connections, but prefers secio over TLS when dialing.
+
+### How to enable
+
+Modify your ipfs config:
+
+```
+ipfs config --json Experimental.PreferTLS true
+```
+
+### Road to being a real feature
+
+- [ ] needs testing