crypto/tls: document FIPS 140-3 mode behavior

Change-Id: I6a6a465612cf76d148b9758ee3fcdc8606497830 Reviewed-on: https://go-review.googlesource.com/c/go/+/648835 Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com>
author: Filippo Valsorda <filippo@golang.org> 2025-02-06 11:34:20 +0100
committer: Gopher Robot <gobot@golang.org> 2025-02-12 14:52:40 -0800
commit: fc0049fb20fe5998232a365b5ee08d6730693f1b (patch)
tree: c60489a0322e9ec9f7561d309639e0e04b75a39d /src
parent: 6519aa955dd765072ac25881b127796d43de2b9a (diff)
download: go-fc0049fb20fe5998232a365b5ee08d6730693f1b.tar.xz
1 files changed, 9 insertions, 0 deletions
diff --git a/src/crypto/tls/tls.go b/src/crypto/tls/tls.go
index f3089f0ed6..c64201abc1 100644
--- a/src/crypto/tls/tls.go
+++ b/src/crypto/tls/tls.go
@@ -4,6 +4,15 @@
 
 // Package tls partially implements TLS 1.2, as specified in RFC 5246,
 // and TLS 1.3, as specified in RFC 8446.
+//
+// # FIPS 140-3 mode
+//
+// When the program is in [FIPS 140-3 mode], this package behaves as if
+// only protocol versions, cipher suites, signature algorithms, and
+// key exchange algorithms approved by NIST SP 800-52r2 are implemented.
+// Others are silently ignored and not negotiated.
+//
+// [FIPS 140-3 mode]: https://go.dev/doc/security/fips140
 package tls
 
 // BUG(agl): The crypto/tls package only implements some countermeasures
author	Filippo Valsorda <filippo@golang.org>	2025-02-06 11:34:20 +0100
committer	Gopher Robot <gobot@golang.org>	2025-02-12 14:52:40 -0800
commit	fc0049fb20fe5998232a365b5ee08d6730693f1b (patch)
tree	c60489a0322e9ec9f7561d309639e0e04b75a39d /src
parent	6519aa955dd765072ac25881b127796d43de2b9a (diff)
download	go-fc0049fb20fe5998232a365b5ee08d6730693f1b.tar.xz