add tlsmin connection parameter #45

Merged
merged 5 commits into from
Aug 8, 2022

shueybubbles
Collaborator

Fixes #33
Adds tlsmin parameter to the connection string to enable use of 1.0 and 1.1 as needed.

@codecov-commenter
codecov-commenter commented Aug 2, 2022

Codecov Report

Merging #45 (5f09ec8) into main (c33ed63) will increase coverage by 0.10%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main      #45      +/-   ##
==========================================
+ Coverage   72.03%   72.14%   +0.10%     
==========================================
  Files          23       23              
  Lines        5604     5604              
==========================================
+ Hits         4037     4043       +6     
+ Misses       1319     1314       -5     
+ Partials      248      247       -1     
Impacted Files Coverage Δ
tds.go 71.78% <0.00%> (+0.64%) ⬆️
token.go 64.44% <0.00%> (-0.44%) ⬇️
mssql.go 85.78% <0.00%> (+0.34%) ⬆️

@apoorvdeshmukh apoorvdeshmukh left a comment

Looks Good

@efjoubert

I am just adding this comment here
This will resolve the issue

Just change the code at the beginning in SetupTLS to

```go
config := tls.Config{
	ServerName:         hostInCertificate,
	InsecureSkipVerify: insecureSkipVerify,

	// fix for https://github.com/microsoft/go-mssqldb/issues/166
	// Go implementation of TLS payload size heuristic algorithm splits single TDS package to multiple TCP segments,
	// while SQL Server seems to expect one TCP segment per encrypted TDS package.
	// Setting DynamicRecordSizingDisabled to true disables that algorithm and uses 16384 bytes per TLS package
	DynamicRecordSizingDisabled: true,
	MinVersion:                  tls.VersionTLS10, //this is added
}
```

@shueybubbles
Collaborator Author

> I am just adding this comment here
> This will resolve the issue
>
> Just change the code at the beginning in SetupTLS to
>
> ```go
> config := tls.Config{
> 	ServerName:         hostInCertificate,
> 	InsecureSkipVerify: insecureSkipVerify,
>
> 	// fix for https://github.com/microsoft/go-mssqldb/issues/166
> 	// Go implementation of TLS payload size heuristic algorithm splits single TDS package to multiple TCP segments,
> 	// while SQL Server seems to expect one TCP segment per encrypted TDS package.
> 	// Setting DynamicRecordSizingDisabled to true disables that algorithm and uses 16384 bytes per TLS package
> 	DynamicRecordSizingDisabled: true,
> 	MinVersion:                  tls.VersionTLS10, //this is added
> }
> ```

I don't think the goal is to make 1.0 the default all the time, as it's not secure.

@shueybubbles shueybubbles merged commit 2d408c3 into main Aug 8, 2022
@shueybubbles shueybubbles deleted the shueybubbles/tlsmin branch February 17, 2023 16:44
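
As an added illustration (not code from this pull request or from go-mssqldb), the sketch below shows the opt-in shape the discussion converges on: the TLS floor stays at the crypto/tls default unless the connection string carries tlsmin. The helper names, the URL-style DSN and the accepted values "1.0" to "1.3" are assumptions.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/url"
)

// Assumed tlsmin values (not taken from the PR) mapped to crypto/tls constants.
var tlsMinVersions = map[string]uint16{
	"1.0": tls.VersionTLS10, "1.1": tls.VersionTLS11,
	"1.2": tls.VersionTLS12, "1.3": tls.VersionTLS13,
}

// TLSConfigFromDSN (hypothetical helper) builds a client tls.Config from a DSN.
// Without tlsmin, MinVersion stays 0 and crypto/tls applies its own floor.
func TLSConfigFromDSN(dsn string) (*tls.Config, error) {
	u, err := url.Parse(dsn)
	if err != nil {
		return nil, err
	}
	cfg := &tls.Config{ServerName: u.Hostname(), DynamicRecordSizingDisabled: true}
	raw := u.Query().Get("tlsmin")
	if raw == "" {
		return cfg, nil
	}
	v, ok := tlsMinVersions[raw]
	if !ok {
		// Choice made for this example: reject typos instead of guessing.
		return nil, fmt.Errorf("unsupported tlsmin value %q", raw)
	}
	cfg.MinVersion = v
	return cfg, nil
}

// AllowsLegacyTLS reports an explicit floor below TLS 1.2, worth logging.
func AllowsLegacyTLS(cfg *tls.Config) bool {
	return cfg.MinVersion != 0 && cfg.MinVersion < tls.VersionTLS12
}

func main() {
	// Constructed sample DSNs; host names are placeholders.
	for _, dsn := range []string{
		"sqlserver://db.example.internal:1433?database=app",
		"sqlserver://legacy-db.example.internal:1433?database=app&tlsmin=1.0",
	} {
		cfg, err := TLSConfigFromDSN(dsn)
		fmt.Println(dsn, err, err == nil && AllowsLegacyTLS(cfg))
	}
}
```

Only the connection that names tlsmin=1.0 is flagged by AllowsLegacyTLS, so the weaker floor stays scoped to the servers that need it.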
Successfully merging this pull request may close these issues.

Go version 1.18 TLS 1.0 and 1.1 disabled by default client-side (sql server old TLS versions not work)