tls: remove deprecated prefer_server_cipher_suites field (#23712)

The TLS configuration object includes a deprecated `prefer_server_cipher_suites` field. In version of Go prior to 1.17, this property controlled whether a TLS connection would use the cipher suites preferred by the server or by the client. This field is ignored as of 1.17 and, according to the `crypto/tls` docs: "Servers now select the best mutually supported cipher suite based on logic that takes into account inferred client hardware, server hardware, and security." This property has been long-deprecated and leaving it in place may lead to false assumptions about how cipher suites are negotiated in connection to a server. So we want to remove it in Nomad 1.9.0. Fixes: https://github.com/hashicorp/nomad-enterprise/issues/999 Ref: https://hashicorp.atlassian.net/browse/NET-10531
2026-01-01 16:05:42 +03:00 · 2024-08-01 08:52:05 -04:00
parent 8c5ae0783d
commit 9d4686c0df
9 changed files with 53 additions and 125 deletions
--- a/command/agent/testdata/basic.json
+++ b/command/agent/testdata/basic.json
@@ -389,7 +389,6 @@
      "rpc_upgrade_mode": true,
      "tls_cipher_suites": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "tls_min_version": "tls12",
-      "tls_prefer_server_cipher_suites": true,
      "verify_https_client": true,
      "verify_server_hostname": true
    }