From 21d46bbe32ffb9ab6d87d9ae83cb44f55126ecc7 Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Thu, 18 Apr 2019 09:17:20 +0900
Subject: [PATCH] add an experiment to prefer TLS 1.3 over secio

License: MIT
Signed-off-by: Marten Seemann <martenseemann@gmail.com>
---
 core/node/libp2p.go           |  6 +++++-
 docs/experimental-features.md | 19 +++++++++++++++++++
 go.mod                        |  2 +-
 go.sum                        |  2 ++
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/core/node/libp2p.go b/core/node/libp2p.go
index a4feb6cd352..ee29dd8350c 100644
--- a/core/node/libp2p.go
+++ b/core/node/libp2p.go
@@ -362,7 +362,11 @@ func P2PSecurity(enabled bool) interface{} {
 		}
 	}
 	return func(cfg *config.Config) (opts Libp2pOpts) {
-		opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(secio.ID, secio.New), libp2p.Security(tls.ID, tls.New)))
+		if cfg.Experimental.PreferTLS {
+			opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(tls.ID, tls.New), libp2p.Security(secio.ID, secio.New)))
+		} else {
+			opts.Opts = append(opts.Opts, libp2p.ChainOptions(libp2p.Security(secio.ID, secio.New), libp2p.Security(tls.ID, tls.New)))
+		}
 		return opts
 	}
 }
diff --git a/docs/experimental-features.md b/docs/experimental-features.md
index 192cd61d82f..2bedaafb17f 100644
--- a/docs/experimental-features.md
+++ b/docs/experimental-features.md
@@ -683,3 +683,22 @@ ipfs config --json Swarm.EnableAutoNATService true
 ### Road to being a real feature
 
 - [ ] needs testing
+
+
+## TLS 1.3 as default handshake protocol
+
+### State
+
+Every node accepts secio and TLS 1.3 connections, but prefers secio over TLS when dialing.
+
+### How to enable
+
+Modify your ipfs config:
+
+```
+ipfs config --json Experimental.PreferTLS true
+```
+
+### Road to being a real feature
+
+- [ ] needs testing
diff --git a/go.mod b/go.mod
index 9e522242185..8f7efb0e0c9 100644
--- a/go.mod
+++ b/go.mod
@@ -34,7 +34,7 @@ require (
 	github.com/ipfs/go-ipfs-chunker v0.0.1
 	github.com/ipfs/go-ipfs-cmdkit v0.0.1
 	github.com/ipfs/go-ipfs-cmds v0.0.5
-	github.com/ipfs/go-ipfs-config v0.0.1
+	github.com/ipfs/go-ipfs-config v0.0.2
 	github.com/ipfs/go-ipfs-ds-help v0.0.1
 	github.com/ipfs/go-ipfs-exchange-interface v0.0.1
 	github.com/ipfs/go-ipfs-exchange-offline v0.0.1
diff --git a/go.sum b/go.sum
index ebcae5c1445..cf3029493b8 100644
--- a/go.sum
+++ b/go.sum
@@ -160,6 +160,8 @@ github.com/ipfs/go-ipfs-cmds v0.0.5 h1:+blTEnA0MzkQO86WnpfGnchdojrY5wJLhsbby3/JX
 github.com/ipfs/go-ipfs-cmds v0.0.5/go.mod h1:1QVgxSgenZvOMGVC/XUTC7tJxRBGPLxYvpgPpCi3DUk=
 github.com/ipfs/go-ipfs-config v0.0.1 h1:6ED08emzI1imdsAjixFi2pEyZxTVD5ECKtCOxLBx+Uc=
 github.com/ipfs/go-ipfs-config v0.0.1/go.mod h1:KDbHjNyg4e6LLQSQpkgQMBz6Jf4LXiWAcmnkcwmH0DU=
+github.com/ipfs/go-ipfs-config v0.0.2 h1:gmSXTvsuqE6ES1bK9LziWNaEiVkV2Mu/9c50D0haVJY=
+github.com/ipfs/go-ipfs-config v0.0.2/go.mod h1:KDbHjNyg4e6LLQSQpkgQMBz6Jf4LXiWAcmnkcwmH0DU=
 github.com/ipfs/go-ipfs-delay v0.0.0-20181109222059-70721b86a9a8/go.mod h1:8SP1YXK1M1kXuc4KJZINY3TQQ03J2rwBG9QfXmbRPrw=
 github.com/ipfs/go-ipfs-delay v0.0.1 h1:r/UXYyRcddO6thwOnhiznIAiSvxMECGgtv35Xs1IeRQ=
 github.com/ipfs/go-ipfs-delay v0.0.1/go.mod h1:8SP1YXK1M1kXuc4KJZINY3TQQ03J2rwBG9QfXmbRPrw=