e071084ebe
govulncheck / govulncheck (push) Waiting to run
Harness (E2E) / Harnesses (mock LLM) (push) Waiting to run
Harness (E2E) / Provider harnesses (live LLM conformance) (push) Waiting to run
Lint / golangci-lint (push) Waiting to run
Run Tests / Unit Tests (push) Waiting to run
Run Tests / Etcd Integration Tests (push) Waiting to run
1.3 KiB
1.3 KiB
TLS Security Update - Important Information
What Changed
Go Micro v6 verifies TLS certificates by default. This completes the v5 security migration where verification was opt-in.
Current Behavior (v6.x)
Default: TLS certificate verification is enabled.
MICRO_TLS_SECUREwas a v5 opt-in flag and is no longer used.- For local development with untrusted self-signed certificates, opt out
explicitly with
MICRO_TLS_INSECURE=trueor an explicit insecure TLS config.
Production Recommendation
For production deployments:
- Use CA-signed certificates or distribute your private CA to every host.
- Remove old
MICRO_TLS_SECUREsettings from v5-era manifests. - Do not set
MICRO_TLS_INSECURE=truein production. - Consider service mesh mTLS (Istio, Linkerd) if certificate lifecycle should be managed outside the application.
Migration Timeline
- v5.x: Insecure by default, opt-in security via
MICRO_TLS_SECURE=true. - v6.x current: Secure by default; use
MICRO_TLS_INSECURE=trueonly for an explicit development opt-out.
Documentation
See SECURITY_MIGRATION.md for the detailed migration guide.
Questions?
Open an issue on GitHub or check the documentation at https://go-micro.dev/docs/.