Releases: quic-go/quic-go
v0.43.1
This is a patch release that fixes a regression when calling http3.Server.ConnContext
introduced in v0.43.0.
Changelog
Full Changelog: v0.43.0...v0.43.1
v0.43.0
quic-go.net: Launching a new Documentation Site
With this release, we're launching a new documentation site for the quic-go projects (quic-go itself, HTTP/3, webtransport-go, and soon, masque-go): quic-go.net.
The documentation site aims to explain QUIC concepts and how they are made accessible using quic-go's API. This site replaces the wiki, and the ever-growing README files.
A lot of work has gone into the documentation already, but we're by no means done yet. The entire source is public in https://github.com/quic-go/docs/, and we're happy about community contributions.
HTTP Datagrams (RFC 9297)
This release adds support for HTTP Datagrams (RFC 9297), both on the client and on the server side (#4452). HTTP Datagrams are used in WebTransport in CONNECT-UDP (RFC 9298), among others.
The new API for HTTP Datagrams is described on the new documentation page: HTTP Datagrams. The integration of HTTP Datagram support necessitated a comprehensive refactor of the HTTP/3 package, resulting in several breaking API changes listed below.
Breaking Changes
- quicvarint: functions now return an
int
instead the internalprotocol.ByteCount
(#4365) - http3:
Server.SetQuicHeaders
was renamed toSetQUICHeaders
(#4377) - http3:
Server.QuicConfig
was renamed toQUICConfig
(#4384) - http3:
RoundTripper.QuicConfig
was renamed toQUICConfig
(#4385) - http3:
RoundTripOpt.CheckSettings
was removed (#4416). Use the newSingleDestinationRoundTripper
API instead. - http3: the
HTTPStreamer
interface is now implemented by thehttp.ResponseWriter
(and not thehttp.Request.Body
) (#4469) - include the maximum payload size in the
DatagramTooLargeError
(#4470)
Other Notable Changes
- GSO and ECN is disabled on kernel versions older than 5 (#4456)
- http3: logging can be controlled using an
slog.Logger
(#4449) - http3: HEAD requests can now be sent in 0-RTT (#4378)
- http3: duplicate QPACK encoder and decoder streams are not rejected as required by the RFC (#4388)
- http3: Extended CONNECT are blocked until the server's SETTINGS are received, as required by the RFC (#4450)
- http3: HTTP/3 client connections aren't removed if
RoundTrip
errors due to a cancelled context (#4448). Thanks to @GeorgeMac! - http3: sniff Content-Type when flushing the ResponseWriter (#4412). Thanks to @WeidiDeng!
- The
Context
exposed on thequic.Stream
is now derived from the connection's context (#4414) - The UDP send and receive buffer size was increased to 7 MiB (#4455). Thanks to @bt90!
Clarifications on the QUIC Stream State Machine
Calling CancelWrite after Close
After a long and fruitful discussion (#4404), we decided to clarify that calling CancelWrite
after Close
on a SendStream
(or a bidirectional stream) should cause a state transition from the "Data Sent" to the "Reset Sent" state, as described in section 3.1 of RFC 9000. This matches the current behavior of quic-go, however, it didn't match the API documentation (fixed in #4419).
This means that stream data will not be delivered reliably if CancelWrite
is called, and that this applies even if Close
was called before.
Garbage Collection of Streams
This release also changes the way streams are garbage-collected (and the peer is granted additional limit to open a new stream), once they're not needed anymore, in a subtle way:
Thanks to @sukunrt for extremely thorough and helpful reviews on both these PRs!
quic-go needs your support!
Is your project / company relying on quic-go?
Please consider funding the project. Any support is highly appreciated!
Changelog
- quicvarint: use int instead of internal protocol.ByteCount type by @marten-seemann in #4356
- http3: improve documentation for Server.SetQuicHeaders by @marten-seemann in #4376
- http3: make it possible to send HEAD requests in 0-RTT by @marten-seemann in #4378
- http3: don't modify any fields of the http.Request when doing 0-RTT by @marten-seemann in #4379
- http3: rename Server.SetQuicHeaders to Server.SetQUICHeaders by @marten-seemann in #4377
- add an integration test for 0-RTT GET requests by @marten-seemann in #4386
- http3: rename Server.QuicConfig to Server.QUICConfig by @marten-seemann in #4384
- http3: rename RoundTripper.QuicConfig to RoundTripper.QUICConfig by @marten-seemann in #4385
- http3: refactor the client's and server's unidirectional stream handling by @marten-seemann in #4387
- http3: reject duplicate QPACK decoder and encoder streams by @marten-seemann in #4388
- http3: introduce a way for the server to query the client's SETTINGS by @marten-seemann in #4389
- don't set the Allow0RTT flag for the client in the HTTP integration test by @marten-seemann in #4397
- http3: reference the correct RFCs in doc comments by @marten-seemann in #4399
- introduce a ConnectionTracingID type for the ConnectionTracingKey by @marten-seemann in #4400
- http3: pass tracing ID instead of quic.Connection to stream hijackers by @marten-seemann in #4401
- expose the connection tracing ID on the stream context by @marten-seemann in #4414
- http3: expose an OpenStream method on the RoundTripper by @marten-seemann in #4409
- http3: cancel reading on request stream if request processing fails by @marten-seemann in #4417
- http3: remove Settingser, StreamCreator, return Connection from Hijacker by @marten-seemann in #4425
- http3: expose a SingleDestinationRoundTripper by @marten-seemann in #4424
- http3: hide SendDatagram and ReceiveDatagram on the Connection by @marten-seemann in #4427
- fix documentation for CancelWrite after Close on the send stream by @marten-seemann in #4419
- http3: simplify buffering of small responses by @marten-seemann in #4432
- http3: simplify composition of the HTTP stream and request stream by @marten-seemann in #4433
- http3: remove Accept(Uni)Stream methods from the Connection interface by @marten-seemann in #4435
- http3: simplify tracking of content length by @marten-seemann in #4438
- http3: move length limiting to the body by @marten-seemann in #4439
- http3: fix flaky RoundTripper test by @marten-seemann in #4442
- http3: simplify response header writing by @marten-seemann in #4441
- http3: reuse clients on RoundTripOpt context canceled by @GeorgeMac in #4448
- http3: use a log/slog Logger for logging by @marten-seemann in #4449
- http3: remove RoundTripOpt.CheckSettings by @marten-seemann in #4416
- catch spurious UDP sendmsg errors in multiplex integration test by @marten-seemann in #4451
- http3: check server SETTINGS before sending an Extended CONNECT request by @marten-seemann in #4450
- http3: process 1xx status codes by @mchtech in #4437
- fix flaky server accept queue test by @marten-seemann in #4453
- http3: fix race condition when closing the RoundTripper by @marten-seemann in #4458
- Increase send/receive buffers to 7MiB by @bt90 in #4455
- testutils: add a token parameter to ComposeInitialPacket by @marten-seemann in #4391
- flowcontrol: make it possible to call Abandon multiple times by @marten-seemann in #4459
- disable GSO and ECN on kernels older than version 5 by @marten-seemann in #4456
- delay completion of the send stream until the reset error was delivered by @marten-seemann in #4445
- delay completion of the receive stream until the reset error was read by @marten-seemann in #4460
- http3: fix race condition in client unit test by @marten-seemann in #4463
- http3: add support for HTTP Datagrams (RFC 9297) by @marten-seemann in #4452
- README: link to the new documentation site by @marten-seemann in #4464
- http3: rename Settings.EnableDatagram to EnableDatagrams by @marten-seemann in #4466
- http3: implement on the HTTPStreamer on the Respon...
v0.42.0
New Features
- added a qlog tracer for events that happen before / outside of established connection: #4305
Notable Changes
- added a
ClientHelloInfo.AddrVerified
field: #4360 - move callback controlling address verification (
VerifySourceAddress
) to theTransport
: #4253 and #4362 - connections that are closed before being accepted are not removed from the server's accept queue: #4245
- http3: added a
RoundTripOpt.CheckSettings
callback to check the server's SETTINGS: #4355 - http3: send the HTTP/3 settings value for Extended CONNECT (RFC 9220): #4341
- http3: don't modify the user's
quic.Config
to enable QUIC datagram support: #4340
Fixes
- mitigate a memory exhaustion attack against QUIC's connection ID mechanism: #4369
- don't delay acknowledgments for packets during the handshake: #4279
- fix deadlock when closing both
Listener
andTransport
: #4332 - fix handling of IPv4-mapped IPv6 addresses: #4309
- fix duplicate logging of the
key_discarded
event for Handshake packets: #4274 - send CONNECTION_REFUSED when refusing connections: #4250
- http3: tighten validation logic for the :protocol pseudo header: #4261
What's Changed
- remove shutdown method on the Connection by @marten-seemann in #4249
- send the CONNECTION_REFUSED error when refusing a connection by @marten-seemann in #4250
- don't remove closed connections from the server's accept queue by @marten-seemann in #4245
- handshake: unexport Set{Read,Write}Key methods on the cryptoSetup by @marten-seemann in #4254
- handshake: fix documentation for updatableAEAD.SetWriteKey by @putyWang in #4256
- add Transport config options to limit the number of handshakes by @marten-seemann in #4248
- remove the RequireAddressValidation callback from the Config by @marten-seemann in #4253
- fix incorrect statement about connection ID lengths in the Transport by @marten-seemann in #4247
- remove unneeded nil check for new connections in the server by @marten-seemann in #4260
- ci: update to Go 1.22rc2 by @marten-seemann in #4267
- fix flaky handshake limiting test by @marten-seemann in #4270
- http3: only use :protocol pseudo-header for Extended CONNECT by @taoso in #4261
- fix flaky accept queue test by @marten-seemann in #4280
- fix flaky handshake limiting test by @marten-seemann in #4281
- only log the discarding of Handshake keys once by @marten-seemann in #4274
- testutils: add a perspective function parameter to ComposeInitialPacket by @marten-seemann in #4276
- fix flaky outgoing streams map test by @marten-seemann in #4283
- wire: remove FrameParser interface, expose FrameParser struct by @marten-seemann in #4284
- ackhandler: remove unused RTTStats from the received packet handler by @marten-seemann in #4287
- testutils: make the package public by @marten-seemann in #4290
- ci: remove unused depguard check for qtls by @marten-seemann in #4291
- ci: make Codecov ignore testutils and testdata by @marten-seemann in #4292
- testutils: expose aliases for all frames by @marten-seemann in #4293
- ackhandler: don't delay ACKs for Initial and Handshake packets by @marten-seemann in #4288
- protocol: rename VersionNumber to Version by @marten-seemann in #4295
- wire: optimize generation of Version Negotiation packets by @marten-seemann in #4278
- protocol: don't capitalize Perspective.String by @marten-seemann in #4296
- qlog: remove unneeded mutex from the ConnectionTracer by @marten-seemann in #4299
- qlog: rename qlog.go to connection_tracer.go by @marten-seemann in #4301
- qlog: disentangle the ConnectionTracer from the qlog writer by @marten-seemann in #4300
- logging: add a Debug function to the Tracer by @marten-seemann in #4297
- logging: add a Close function to the Tracer by @marten-seemann in #4298
- don't enqueue stream when receiving reordered MAX_STREAM_DATA frames by @marten-seemann in #4269
- fix flaky 0-RTT packet drop test by @marten-seemann in #4306
- handshake: validate HKDF-Expand-Label against crypto/tls implementation by @marten-seemann in #4311
- qlog: rename generation to key_phase on key_updated and key_discarded by @marten-seemann in #4315
- README: Add frp to list of projects by @bt90 in #4316
- ci: update to Go 1.22.0 by @marten-seemann in #4312
- avoid lock contention when accepting new connections by @marten-seemann in #4313
- ci: update Codecov action to v4 by @marten-seemann in #4321
- don't preallocate the slice for STREAM frames when composing a packet by @marten-seemann in #4314
- handshake: add benchmarks for the Initial AEAD by @marten-seemann in #4320
- only check for stateless resets if packet doesn't belong to a connection by @marten-seemann in #4322
- qtls: protect the tls.ClientSessionCache implementation with a mutex by @marten-seemann in #4319
- ci: update golangci-lint to v1.56.1 and golangci-lint action to v4 by @marten-seemann in #4326
- remove unused GetVersion function from quicConn interface by @marten-seemann in #4327
- reenable previously disabled server unit test by @marten-seemann in #4328
- remove unused getPerspective function from quicConn interface by @marten-seemann in #4329
- remove unused perspective arg from packetHandlerMap.ReplaceWithClosed by @marten-seemann in #4330
- http3: don't automatically set RoundTripper.QuicConfig.EnableDatagrams by @marten-seemann in #4340
- http3: send SETTINGS_ENABLE_CONNECT_PROTOCOL (for Extended CONNECT) by @marten-seemann in #4341
- http3: reject duplicate control streams opened by the server by @marten-seemann in #4342
- http3: reject duplicate control streams opened by the client by @marten-seemann in #4344
- ci: enable Dependabot for GitHub Actions by @marten-seemann in #4343
- server: fix deadlock when closing concurrently with transport by @sukunrt in #4332
- build(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in #4346
- build(deps): bump docker/build-push-action from 4 to 5 by @dependabot in #4347
- build(deps): bump docker/login-action from 2 to 3 by @dependabot in #4348
- build(deps): bump docker/setup-qemu-action from 2 to 3 by @dependabot in #4345
- build(deps): bump docker/setup-buildx-action from 2 to 3 by @dependabot in #4349
- handshake: embed the mask as an array into the aesHeaderProtector by @marten-seemann in #4324
- handshake: optimize AEAD handling for long header sealers and openers by @marten-seemann in #4323
- unmap IPv4-mapped IPv6 addresses by @thijsvandien in #4309
- docs: improve API documentation for OpenStreamSync by @wlynxg in #4352
- add a qlog tracer for events outside of QUIC connections by @marten-seemann in #4305
- remove unused ReceiveStream.CloseRemote method by @marten-seemann in #4357
- update GoMock to v0.4.0 by @marten-seemann in #4361
- add an AddrVerified field to the ClientHelloInfo by @marten-seemann in #4360
- http3: add a RoundTripOpt to check the server's SETTINGS frame by @marten-seemann in #4355
- use Transport.VerifySourceAddress to control the Retry Mechanism by @marten-seemann in #4362
- close connection when an abnormally large number of frames are queued by @marten-seemann in #4369
New Contributors
v0.41.0
New Features
- When calling
quic.Connection.SendDatagram
, we now queue up to 32 DATAGRAMs before blocking this method: #4222. This should lead to significant performance improvements for applications that send a lot of datagrams. - DATAGRAM frames that don't fit into a packet (at the current MTU) are now dropped: #4221.
- http3: The remote address (as a
net.Addr
) can now be obtained from the HTTP/3 request context using thehttp3.RemoteAddrContextKey
: #4208. Thanks to @oncilla! - http3: When an
http.Handler
panics, the stream is now reset: #4181. Thanks to @WeidiDeng! - http3: The
http3.Server
now has aConnContext
function, working analogously tohttp.Server.ConnContext
: #4230. Thanks to @rthellend! - logging: Information about the negotiated ALPN is logged using
logging.ConnectionTracer.ChoseALPN
: #4216. Thanks to @birneee! - qlog: The package now provides an implementation of the
quic.Config.ConnectionTracer
callback that reads the QLOGDIR environment variable, and writes qlogs to that directory. Thanks to @birneee!
Breaking Changes
- This release drops support for Go 1.20 (#4195). We decided to support the old Go version a little bit earlier than usual (before the Go 1.22 release) this time, since this allowed us to completely remove our custom TLS fork that was necessary before crypto/tls gained QUIC support in Go 1.21. If you rely on Go 1.20, you can continue using the v0.40.1 release.
- The
DroppedPacket
callback on thelogging.ConnectionTracer
now contains the packet number of the dropped packet, allowing for better logging of duplicate packets: #4171
Other Changes
- Only attempt 0-RTT resumption if the session-ticket allowed 0-RTT: #4183
- http3: The context cancelation error is now returned from
RoundTrip
: #4203 - http3: use the
AdditionalSettings
for on HTTP/3 requests: #4156
Please support quic-go!
Is your project / company relying on quic-go?
Please consider funding the project. Any support is highly appreciated!
Changelog
- congestion: don't use floating point math when calculating pacing times by @marten-seemann in #4148
- don't set the TLS version in the transport by @marten-seemann in #4135
- ackhandler: immediately acknowledge ECN-CE marked packets by @marten-seemann in #4147
- README: fix typo by @anderspitman in #4166
- fix flaky server test by @marten-seemann in #4167
- fix serialization of connection ID in filenames of qlog files by @marten-seemann in #4170
- logging: pass the packet number to ConnectionTracer.DroppedPacket by @marten-seemann in #4171
- interop: update Go version to 1.21.4 by @marten-seemann in #4179
- wire: reject NEW_CONNECTION_ID frames with zero-length conneciton IDs by @marten-seemann in #4180
- send large max_datagram_frame size, introduce a DatagramTooLargeError error by @chungthuang in #4143
- fuzzing: add transport parameter validation logic by @marten-seemann in #4175
- reduce calls to time.Now() calls in connection by @birneee in #4191
- http3: use the AdditionalSettings for requests by @marten-seemann in #4156
- README: add gost project by @char8x in #4154
- qtls: only attempt 0-RTT resumption for 0-RTT enabled session tickets by @marten-seemann in #4183
- examples: close listener, connection and stream in echo client and server by @rfyiamcool in #4188
- fuzzing: update Go version to 1.21 by @marten-seemann in #4192
- integrationtests: remove leftover code for Go 1.19 by @marten-seemann in #4193
- limit the number of queued PATH_RESPONSE frames to 256 by @marten-seemann in #4199
- don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames by @marten-seemann in #4200
- ci: update golangci-lint to v1.55.2 by @marten-seemann in #4204
- fuzzing: add frame field validation logic by @marten-seemann in #4206
- http3: add remote address to request context by @oncilla in #4208
- http3: reset stream when a handler panics by @WeidiDeng in #4181
- http3: don't use error string as a format string by @nanokatze in #4211
- http3: improve debug message when determining the listener port fails by @nanokatze in #4214
- http3: return the context cancellation error from RoundTrip by @marten-seemann in #4203
- qlog: add support for alpn_information event by @birneee in #4216
- drop support for Go 1.20, build on Go 1.22rc1 by @marten-seemann in #4195
- utils: use time.Duration.Abs by @marten-seemann in #4217
- utils: switch to builtin min and max funtions by @marten-seemann in #4218
- http3: fix channel size in ListenAndServe by @narqo in #4219
- qtls: remove unneeded type alias for the tls.QUICEncryptionLevel by @marten-seemann in #4220
- discard DATAGRAM frames that don't fit into packets without an ACK by @marten-seemann in #4221
- queue up to 32 DATAGRAM frames to send by @marten-seemann in #4222
- use a ring buffer for the datagram queue by @marten-seemann in #4223
- handshake: remove unneeded mutex in cryptoSetup by @marten-seemann in #4227
- README: add RoadRunner to list of projects by @marten-seemann in #4226
- wire: use netip.AddrPort in the Preferred Address transport parameter by @marten-seemann in #4232
- ackhandler: refactor ACK queueing logic by @marten-seemann in #4225
- fix race condition when dropping Initial packet with short connection ID by @marten-seemann in #4236
- http3: add ConnContext to the server by @rthellend in #4230
- example: add config flag for TLS key and cert for the server by @marten-seemann in #4237
- wire: improve logging of connection ID retirements by @marten-seemann in #4241
- qlog: add a default tracer that writes to QLOGDIR by @birneee in #4233
- example: remove -v flag and custom logger configuration by @marten-seemann in #4242
- example: remove -qlog flag in favor of QLOGDIR by @marten-seemann in #4243
- http3: add a basic README by @marten-seemann in #4246
New Contributors
- @anderspitman made their first contribution in #4166
- @chungthuang made their first contribution in #4143
- @char8x made their first contribution in #4154
- @rfyiamcool made their first contribution in #4188
- @oncilla made their first contribution in #4208
- @nanokatze made their first contribution in #4211
- @narqo made their first contribution in #4219
- @rthellend made their first contribution in #4230
Full Changelog: v0.40.0...v0.41.0
v0.40.1
This release contains fixes for a resource exhaustion attack on QUIC's path validation logic (CVE-2023-49295), see https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation for details:
- limit the number of queued PATH_RESPONSE frames to 256 (#4199)
- don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (#4200)
Full Changelog: v0.40.0...v0.40.1
v0.39.4
This release contains fixes for a resource exhaustion attack on QUIC's path validation logic (CVE-2023-49295), see https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation for details:
- limit the number of queued PATH_RESPONSE frames to 256 (#4199)
- don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (#4200)
Full Changelog: v0.39.3...v0.39.4
v0.38.2
This release contains fixes for a resource exhaustion attack on QUIC's path validation logic (CVE-2023-49295), see https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation for details:
- limit the number of queued PATH_RESPONSE frames to 256 (#4199)
- don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (#4200)
Full Changelog: v0.38.1...v0.38.2
v0.37.7
This release contains fixes for the Honeybadger vulnerability (CVE-2023-49295):
- limit the number of queued PATH_RESPONSE frames to 256 (#4199)
- don't retransmit PATH_CHALLENGE and PATH_RESPONSE frames (#4200)
Full Changelog: v0.37.6...v0.37.7
v0.40.0
API Changes
Connection.{Send,Receive}Message
was renamed to{Send,Receive}Datagram
: #4116- Closing a
Listener
created from aTransport
doesn't close already established QUIC connections: #4072 - http3: the
ResponseWriter
now automatically discards the response body for HEAD requests: #4115
Other Changes / Fixes
- When using
Dial
(notDialEarly
) now doesn't perform 0-RTT handshake, even if the session ticket allows 0-RTT: #4125 - ClientHellos offering TLS versions older than 1.3 are now reject (when using Go 1.20): #4130
- EPERM sendmsg errors (see golang/go#63322) are now automatically caught: #4111
- Sending CONNECTION_REFUSED now doesn't spawn a new Go routine: #4091
- Sending Retry packets now doesn't spawn a new Go routine: #4092
Please support quic-go!
Is your project / company relying on quic-go? Please consider funding the project. Any support is highly appreciated!
Changelog
- simplify sending of INVALID_TOKEN errors by @marten-seemann in #4090
- don't spawn a new Go routine to send a CONNECTION_REFUSED packet by @marten-seemann in #4091
- don't spawn a new Go routine to send a Retry packet by @marten-seemann in #4092
- README: add qlog to list of supported RFCs, add an example by @marten-seemann in #4102
- fix IPv4 ECN control message length on FreeBSD by @marten-seemann in #4110
- catch EPERM sendmsg errors for the very first packet on Linux by @marten-seemann in #4111
- use new gomock feature to generate type-safe methods in mocks by @marten-seemann in #4057
- http3: discard body from responses to HEAD requests by @Glonee in #4115
- fix logging of connection IDs in tracer test by @marten-seemann in #4118
- ci: create separate artifact archives per workflow run by @marten-seemann in #4121
- ci: use bash on all platforms by @marten-seemann in #4122
- rename Connection.{Send,Receive}Message to {Send,Receive}Datagram by @marten-seemann in #4116
- fix IPv4 ECN control message length on Linux by @marten-seemann in #4127
- use typed atomics in integration tests by @marten-seemann in #4120
- ci: run linter on all supported Go versions by @marten-seemann in #4126
- never allow 0-RTT when using Dial, even if the session ticket allows it by @marten-seemann in #4125
- reject ClientHellos that offer TLS versions older than 1.3 (for Go 1.20) by @marten-seemann in #4130
- handshake: clone the tls.Config returned by GetConfigForClient by @marten-seemann in #4133
- handshake: set MinVersion on the Config returned by GetConfigForClient by @marten-seemann in #4134
- don't close established connections on Listener.Close, when using a Transport by @marten-seemann in #4072
- README: link to webtransport-go repo by @marten-seemann in #4117
- fix race condition in multiplex integration test by @marten-seemann in #4136
- document what happens to established connections on Listener.Close by @marten-seemann in #4138
Full Changelog: v0.39.0...v0.40.0
v0.39.3
This patch contains two fixes:
- The
tls.Config
returned byGetConfigForClient
is now cloned before quic-go modifies it: #4133 - The
MinVersion
on thetlsConfig
returned byGetConfigForClient
is not set to TLS 1.3, making sure that the TLS stack doesn't negotiate a TLS version older than 1.3: #4134
Full Changelog: v0.39.2...v0.39.3