author: Thomas Vaillant <thomvaill@bluebricks.dev> 2025-02-20 22:30:01 +0000
committer: Gopher Robot <gobot@golang.org> 2025-02-20 15:13:42 -0800
commit: b792550290d4cc4a7d85b2cc01acddf2cdcc19d7
tree: 652890163e9232f4931256a8afae607649690e73 /_content/doc
parent: 727aff0ea8efc48d97563156e4c9072f364cc30e
doc: add a disclaimer for the TLS handshake timeouts TL;DR bug in godebug.md

Relates to https://github.com/golang/go/issues/71257.
Since post-quantum TLS algorithms are enabled by default, we should warn about the possible bugs with legacy servers (see https://tldr.fail/)

Change-Id: Id5a565c2959c5b0f7b8bdd53ce9e70b191c4bf38
GitHub-Last-Rev: a709e6f149a689b1ba4134ff9bf0b14ecba6dda5
GitHub-Pull-Request: golang/website#311
Reviewed-on: https://go-review.googlesource.com/c/website/+/650857
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

Diffstat (limited to '_content/doc')
-rw-r--r-- _content/doc/go1.23.md 2
-rw-r--r-- _content/doc/go1.24.md 2
2 files changed, 4 insertions, 0 deletions
diff --git a/_content/doc/go1.23.md b/_content/doc/go1.23.md
index cc098034..3f9133ac 100644
--- a/_content/doc/go1.23.md
+++ b/_content/doc/go1.23.md
@@ -293,6 +293,8 @@ the GODEBUG environment variable.
The experimental post-quantum key exchange mechanism X25519Kyber768Draft00
is now enabled by default when [`Config.CurvePreferences`](/pkg/crypto/tls#Config.CurvePreferences) is nil.
The default can be reverted by adding `tlskyber=0` to the GODEBUG environment variable.
+This can be useful when dealing with buggy TLS servers that do not handle large records correctly,
+causing a timeout during the handshake (see [TLS post-quantum TL;DR fail](https://tldr.fail/)).
Go 1.23 changed the behavior of [`X509KeyPair`](/pkg/crypto/tls#X509KeyPair) and [`LoadX509KeyPair`](/pkg/crypto/tls#LoadX509KeyPair)
to populate the [`Certificate.Leaf`](/pkg/crypto/tls#Certificate.Leaf) field of the returned [`Certificate`](/pkg/crypto/tls#Certificate).
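Review bot: The added sentence in go1.23.md opens with "This", which can be read as the new default rather than the `tlskyber=0` revert named on the line above; name the setting, e.g. "Setting `tlskyber=0` can be useful when dealing with buggy TLS servers ...". The paragraph already says the mechanism is only enabled when `Config.CurvePreferences` is nil, so it is worth adding that setting `CurvePreferences` on the affected client is a narrower workaround than a GODEBUG environment variable, which turns the post-quantum key exchange off for every connection the process makes. Separately, the commit subject names godebug.md, but the diffstat touches only go1.23.md and go1.24.md.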
diff --git a/_content/doc/go1.24.md b/_content/doc/go1.24.md
index a6f0f8fc..ef19be18 100644
--- a/_content/doc/go1.24.md
+++ b/_content/doc/go1.24.md
@@ -480,6 +480,8 @@ The new post-quantum [`X25519MLKEM768`](/pkg/crypto/tls#X25519MLKEM768) key
exchange mechanism is now supported and is enabled by default when
[`Config.CurvePreferences`](/pkg/crypto/tls#Config.CurvePreferences) is nil.
[GODEBUG setting](/doc/godebug) `tlsmlkem=0` reverts the default.
+This can be useful when dealing with buggy TLS servers that do not handle large records correctly,
+causing a timeout during the handshake (see [TLS post-quantum TL;DR fail](https://tldr.fail/)).
Support for the experimental `X25519Kyber768Draft00` key exchange has been removed.
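Review bot: The added lines in go1.24.md do not tell a reader who set `tlskyber=0` under the go1.23.md advice what to do after upgrading, even though the very next line says support for `X25519Kyber768Draft00` has been removed. Add a clause stating that the workaround for the same server bug is now `tlsmlkem=0`, and whether `tlskyber=0` still has any effect. The sentence is a verbatim copy of the go1.23.md one, so the ambiguous "This" should be replaced here too, e.g. "Setting `tlsmlkem=0` can be useful when ...".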