Introduce tlscommon.SetInsecureDefaults (#260)

Author: michel-laterman

transport/tlscommon/versions_default.go

@@ -27,7 +27,9 @@ const (
 	TLSVersion11 TLSVersion = tls.VersionTLS11
 	TLSVersion12 TLSVersion = tls.VersionTLS12
 	TLSVersion13 TLSVersion = tls.VersionTLS13
+)
 
+var (
 	// TLSVersionMin is the min TLS version supported.
 	TLSVersionMin = TLSVersion10
 
@@ -58,6 +60,20 @@ var tlsProtocolVersions = map[string]TLSVersion{
 	"TLSv1.3": TLSVersion13,
 }
 
+// SetInsecureDefaults is currently a nop as the default versions have not changed.
+//
+// This function is used to avoid a breaking change on previous releases.
+// We plan on the default minimum versions list to exclude TLS1.1, and not allow TLS1.0 in a future library update.
+func SetInsecureDefaults() {
+	TLSVersionMin = TLSVersion10
+	TLSVersionDefaultMin = TLSVersion11
+	TLSDefaultVersions = []TLSVersion{
+		TLSVersion11,
+		TLSVersion12,
+		TLSVersion13,
+	}
+}
+
 // Intended for ECS's tls.version_protocol_field, which does not include
 // numeric version and should be lower case
 type TLSVersionDetails struct {