feat: remove secio support

We've had a reliable and enabled by default TLS implementation since 0.4.23 (over a year ago) and turned off SECIO in September of last year. We might as well remove support entirely in the next release and encourage users to upgrade their networks. Noise is faster, anyways.
ipfs · Feb 25, 2021 · ccc2d23 · ccc2d23
1 parent 6527675
commit ccc2d23
Show file tree

Hide file tree

Showing 13 changed files with 14 additions and 364 deletions.
diff --git a/cmd/seccat/.gitignore b/cmd/seccat/.gitignore
diff --git a/cmd/seccat/seccat.go b/cmd/seccat/seccat.go
diff --git a/cmd/seccat/seccat_plan9.go b/cmd/seccat/seccat_plan9.go
diff --git a/cmd/seccat/seccat_posix.go b/cmd/seccat/seccat_posix.go
diff --git a/cmd/seccat/util.go b/cmd/seccat/util.go
diff --git a/core/node/libp2p/sec.go b/core/node/libp2p/sec.go
@@ -4,10 +4,14 @@ import (
 	config "github.com/ipfs/go-ipfs-config"
 	"github.com/libp2p/go-libp2p"
 	noise "github.com/libp2p/go-libp2p-noise"
-	secio "github.com/libp2p/go-libp2p-secio"
 	tls "github.com/libp2p/go-libp2p-tls"
 )
 
+const secioEnabledWarning = `The SECIO security transport was enabled in the config but is no longer supported.
+
+SECIO disabled by default in go-ipfs 0.7 removed in go-ipfs 0.9. Please remove
+Swarm.Transports.Security.SECIO from your IPFS config.`
+
 func Security(enabled bool, tptConfig config.Transports) interface{} {
 	if !enabled {
 		return func() (opts Libp2pOpts) {
@@ -18,16 +22,16 @@ func Security(enabled bool, tptConfig config.Transports) interface{} {
 		}
 	}
 
+	if _, enabled := tptConfig.Security.SECIO.WithDefault(config.Disabled); enabled {
+		log.Error(secioEnabledWarning)
+	}
+
 	// Using the new config options.
 	return func() (opts Libp2pOpts) {
 		opts.Opts = append(opts.Opts, prioritizeOptions([]priorityOption{{
 			priority:        tptConfig.Security.TLS,
 			defaultPriority: 100,
 			opt:             libp2p.Security(tls.ID, tls.New),
-		}, {
-			priority:        tptConfig.Security.SECIO,
-			defaultPriority: config.Disabled,
-			opt:             libp2p.Security(secio.ID, secio.New),
 		}, {
 			priority:        tptConfig.Security.Noise,
 			defaultPriority: 300,

diff --git a/docs/config.md b/docs/config.md
@@ -1352,8 +1352,7 @@ receiver supports. When establishing an _inbound_ connection, go-ipfs will let
 the initiator choose the protocol, but will refuse to use any of the disabled
 transports.
 
-Supported transports are: TLS (priority 100), SECIO (Disabled: i.e. priority false), Noise
-(priority 300).
+Supported transports are: TLS (priority 100) and Noise (priority 300).
 
 No default priority will ever be less than 100.
 
@@ -1369,14 +1368,7 @@ Type: `priority`
 
 #### `Swarm.Transports.Security.SECIO`
 
-[SECIO](https://github.com/libp2p/specs/tree/master/secio) was the most widely
-supported IPFS & libp2p security transport. However, it is currently being
-phased out in favor of more popular and better vetted protocols like TLS and
-Noise.
-
-Default: `false`
-
-Type: `priority`
+Support for SECIO has been removed. Please remove this option from your config.
 
 #### `Swarm.Transports.Security.Noise`