From 81a908aa685c5c3e68ded0fe542e7f3983d9dc85 Mon Sep 17 00:00:00 2001 From: Filippo Valsorda Date: Wed, 12 Dec 2018 19:31:45 -0500 Subject: [PATCH] doc/go1.12: release notes for crypto Change-Id: I2a5613377a38815fb8746c5bfb07ccbbc2e6dd0b Reviewed-on: https://go-review.googlesource.com/c/153829 Reviewed-by: Adam Langley --- doc/go1.12.html | 67 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 61 insertions(+), 6 deletions(-) diff --git a/doc/go1.12.html b/doc/go1.12.html index 6b6d9d4401..54ebed5142 100644 --- a/doc/go1.12.html +++ b/doc/go1.12.html @@ -266,8 +266,48 @@ for {

Core library

+

TLS 1.3

+

- All of the changes to the standard library are minor. + Go 1.12 adds support in the crypto/tls package for TLS 1.3 as + specified in RFC 8446. + + Programs that did not set an explicit MaxVersion in + Config will automatically negotiate + TLS 1.3 if available. All TLS 1.2 features except TLSUnique in + ConnectionState + and renegotiation are available in TLS 1.3 and provide equivalent or + better security and performance. +

+ +

+ TLS 1.3 cipher suites are not configurable. All supported cipher suites are + safe, and if PreferServerCipherSuites is set in + Config the preference order + is based on the available hardware. +

+ +

+ Early data (also called "0-RTT mode") is not currently supported as a + client or server. Additionally, a Go 1.12 server does not support skipping + unexpected early data if a client sends it. Since TLS 1.3 0-RTT mode + involves clients keeping state regarding which servers support 0-RTT, + a Go 1.12 server cannot be part of a load-balancing pool where some other + servers do support 0-RTT. If switching a domain from a server that supported + 0-RTT to a Go 1.12 server, 0-RTT would have to be disabled for at least the + lifetime of the issued session tickets before the switch to ensure + uninterrupted operation. +

+ +

+ In TLS 1.3 the client is the last one to speak in the handshake, so if it causes + an error to occur on the server, it will be returned on the client by the first + Read, not by + Handshake. For + example, that will be the case if the server rejects the client certificate. + Similarly, session tickets are now post-handshake messages, so are only + received by the client upon its first + Read.

Minor changes to the library

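Review bot: the last paragraph of this hunk (errors surfacing on the client's first Read instead of Handshake, and session tickets arriving only on the first Read) is the behaviour change most likely to break existing code, so it deserves a more explicit warning than "for example": client code that treats a nil error from Handshake as proof that the server accepted its certificate will now pass that check and fail later, and code that inspects ConnectionState for a resumption ticket immediately after Handshake will see none. Suggest adding a sentence such as "Clients that rely on Handshake returning an error for a rejected certificate must also handle that error from the first Read." The first paragraph should also name the opt-out for programs that cannot yet tolerate this: it says negotiation happens for programs "that did not set an explicit MaxVersion", so state directly that setting MaxVersion in Config to the TLS 1.2 version constant keeps the Go 1.11 behaviour for that connection.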
@@ -327,12 +367,15 @@ for {
crypto/rand
-

- TODO: https://golang.org/cl/120055: use the new getrandom syscall on FreeBSD +

+ A warning will now be printed to standard error the first time + Reader.Read is blocked for more than 60 seconds waiting + to read entropy from the kernel.

-

- TODO: https://golang.org/cl/139419: warn to stderr if blocked 60+ sec on first Reader.Read call +

+ On FreeBSD, Reader now uses the getrandom + system call if available, /dev/urandom otherwise.

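Review bot: the 60-second warning sentence in this hunk should say explicitly that Reader.Read keeps blocking and returns no error, since "A warning will now be printed to standard error" can be read as the call giving up. Suggest "The call continues to block until entropy is available; the message is diagnostic only." Without that, an operator seeing the warning on a freshly booted system or VM may assume the process has moved on with weak randomness, when the actual remedy is still to provide entropy to the kernel. The FreeBSD sentence is fine, though it could note that the /dev/urandom fallback applies only when the getrandom system call is unavailable on the running kernel, which is what "if available" is presumably meant to convey.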
@@ -340,11 +383,23 @@ for {
crypto/rc4

- TODO: https://golang.org/cl/130397: remove assembler implementations + This release removes the optimized assembly implementations. RC4 is insecure + and should only be used for compatibility with legacy systems.

+
crypto/tls
+
+

+ If a client sends an initial message that does not look like TLS, the server + will now not reply with an alert, and it will expose the underlying + net.Conn in the new field Conn of + RecordHeaderError. +

+ +
+
database/sql
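Review bot: the crypto/tls paragraph in this hunk exposes the underlying net.Conn through the new Conn field of RecordHeaderError but does not say what state the connection is in or who owns it afterwards: whether the bytes already consumed while reading the record header are still available on the returned net.Conn, and whether the caller is now responsible for closing it. Both matter for the obvious use case (a server demultiplexing TLS and plaintext on one port) and for avoiding leaked file descriptors, so the note should state them in one sentence, for example "The caller is responsible for closing the Conn." For the crypto/rc4 paragraph, "removes the optimized assembly implementations" would be clearer if it added that the pure Go implementation remains and produces identical output, so readers understand this is a performance change only and that the "legacy systems" caveat is the reason no faster path is kept.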