go/doc
Roland Shoemaker 9eeb627f60 crypto/tls: add ech client support
This CL adds a (very opinionated) client-side ECH implementation.

In particular, if a user configures an ECHConfigList, by setting the
Config.EncryptedClientHelloConfigList, but we determine that none of
the configs are appropriate, we will not fall back to plaintext SNI, and
will instead return an error. It is then up to the user to decide if
they wish to fall back to plaintext themselves (by removing the config
list).

Additionally, if Config.EncryptedClientHelloConfigList is provided, we
will not offer TLS support lower than 1.3, since negotiating any other
version, while offering ECH, is a hard error anyway. Similarly, if a
user wishes to fall back to plaintext SNI by using 1.2, they may do so
by removing the config list.

With regard to PSK GREASE, we match the boringssl behavior, which does
not include PSK identities/binders in the outer hello when doing ECH.

If the server rejects ECH, we will return an ECHRejectionError error,
which, if provided by the server, will contain an ECHConfigList in the
RetryConfigList field containing configs that should be used if the user
wishes to retry. It is up to the user to replace their existing
Config.EncryptedClientHelloConfigList with the retry config list.

Fixes #63369

Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest
Change-Id: I9bc373c044064221a647a388ac61624efd6bbdbf
Reviewed-on: https://go-review.googlesource.com/c/go/+/578575
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Than McIntosh <thanm@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2024-05-23 03:10:12 +00:00
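The retry contract the CL describes, as an added example that is not part of the CL or of crypto/tls: a client offers ECH through Config.EncryptedClientHelloConfigList, never drops to plaintext SNI on its own, and retries once with the server's RetryConfigList when an ECHRejectionError carries one. The helper names echClientConfig, nextConfigAfterECHError and handshakeWithECHRetry are hypothetical; the tls.Config field and tls.ECHRejectionError type are the API named in the commit message, and ConnectionState().ECHAccepted is assumed from Go 1.23.

```go
package main

import (
	"crypto/tls"
	"errors"
)

// echClientConfig offers ECH with configList (raw ECHConfigList bytes, usually from
// the server's HTTPS DNS record). With the list set, crypto/tls offers only TLS 1.3
// and returns an error rather than falling back to plaintext SNI if no config is usable.
func echClientConfig(serverName string, configList []byte) *tls.Config {
	return &tls.Config{
		ServerName:                     serverName,
		MinVersion:                     tls.VersionTLS13,
		EncryptedClientHelloConfigList: configList,
	}
}

// nextConfigAfterECHError returns a copy of cfg with the server's RetryConfigList
// swapped in when err is an ECH rejection carrying one; otherwise nil. Removing the
// list to expose the SNI stays an explicit caller decision, never an automatic fallback.
func nextConfigAfterECHError(cfg *tls.Config, err error) *tls.Config {
	var rej *tls.ECHRejectionError // pointer receiver on Error(), so errors.As needs **
	if !errors.As(err, &rej) || len(rej.RetryConfigList) == 0 {
		return nil
	}
	retry := cfg.Clone()
	retry.EncryptedClientHelloConfigList = rej.RetryConfigList
	return retry
}

// handshakeWithECHRetry runs attempt and, if ECH was rejected with retry configs,
// runs it once more with them, returning the attempt count and the final error.
// attempt is injected so the policy runs offline; a real one would tls.Dial and
// also verify conn.ConnectionState().ECHAccepted (Go 1.23 and later, assumed here).
func handshakeWithECHRetry(cfg *tls.Config, attempt func(*tls.Config) error) (int, error) {
	if err := attempt(cfg); err != nil {
		if retry := nextConfigAfterECHError(cfg, err); retry != nil {
			return 2, attempt(retry)
		}
		return 1, err
	}
	return 1, nil
}
```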
initial doc/initial, doc/next: add draft notice to introduction 2024-05-22 18:25:26 +00:00
next crypto/tls: add ech client support 2024-05-23 03:10:12 +00:00
asm.html doc: document PCALIGN directive 2023-11-28 19:15:27 +00:00
go1.17_spec.html all: consistently use "IEEE 754" over "IEEE-754" 2024-04-11 20:22:45 +00:00
go_mem.html doc: close HTML tags 2024-03-04 15:54:42 +00:00
go_spec.html spec: clarify when range expression is evaluated 2024-05-02 22:43:51 +00:00
godebug.md doc: fix two instances of "the the" in godebug.md 2024-05-23 01:45:30 +00:00
README.md doc/README.md: give example of package-less symbol link 2024-05-16 18:37:47 +00:00

Release Notes

The initial and next subdirectories of this directory are for release notes.

For developers

Release notes should be added to next by editing existing files or creating new files. Do not add RELNOTE=yes comments in CLs. Instead, add a file to the CL (or ask the author to do so).

At the end of the development cycle, the files will be merged by being concatenated in sorted order by pathname. Files in the directory matching the glob "*stdlib/*minor" are treated specially. They should be in subdirectories corresponding to standard library package paths, and headings for those package paths will be generated automatically.

Files in this repo's api/next directory must have corresponding files in doc/next/*stdlib/*minor. The files should be in the subdirectory for the package with the new API, and should be named after the issue number of the API proposal. For example, if the directory 6-stdlib/99-minor is present, then an api/next file with the line

pkg net/http, function F #12345

should have a corresponding file named doc/next/6-stdlib/99-minor/net/http/12345.md. At a minimum, that file should contain either a full sentence or a TODO, ideally referring to a person with the responsibility to complete the note.
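The api/next-to-doc/next mapping described above, as an added example that is not part of the Go repository or the relnote tool: relnoteFileFor derives the required note path from one api line (including lines with a GOOS/GOARCH qualifier), and missingRelnotes lists the notes a set of api lines still lacks. Both function names are hypothetical, and the api lines and existing-file set in the test are constructed samples.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// relnoteFileFor derives the release-note file that an api/next line requires:
// "pkg net/http, function F #12345" with minorDir "6-stdlib/99-minor" yields
// "doc/next/6-stdlib/99-minor/net/http/12345.md". Lines carrying a GOOS/GOARCH
// qualifier, "pkg syscall (windows-386), ...", map to the same package directory.
func relnoteFileFor(apiLine, minorDir string) (string, error) {
	fields := strings.Fields(apiLine)
	if len(fields) < 3 || fields[0] != "pkg" {
		return "", fmt.Errorf("not an api line: %q", apiLine)
	}
	// The package path is the token after "pkg", minus the comma that follows it
	// when no qualifier is present.
	pkg := strings.TrimSuffix(fields[1], ",")
	// The issue number is the trailing "#NNNNN" token and must be all digits.
	last := fields[len(fields)-1]
	issue := strings.TrimPrefix(last, "#")
	if issue == last || issue == "" || strings.Trim(issue, "0123456789") != "" {
		return "", fmt.Errorf("api line lacks an issue number: %q", apiLine)
	}
	return path.Join("doc/next", minorDir, pkg, issue+".md"), nil
}

// missingRelnotes reports, for a set of api/next lines, the note files that are
// required but absent from existing (a set of paths, e.g. from walking doc/next).
func missingRelnotes(apiLines []string, minorDir string, existing map[string]bool) ([]string, error) {
	var missing []string
	for _, line := range apiLines {
		file, err := relnoteFileFor(line, minorDir)
		if err != nil {
			return nil, err
		}
		if !existing[file] {
			missing = append(missing, file)
		}
	}
	return missing, nil
}
```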

If your CL addresses an accepted proposal, mention the proposal issue number in your release note in the form /issue/NUMBER. A link to the issue in the text will have this form (see below). If you don't want to mention the issue in the text, add it as a comment:

<!-- go.dev/issue/12345 -->

If an accepted proposal is mentioned in a CL but not in the release notes, it will be flagged as a TODO by the automated tooling. That is true even for proposals that add API.

Use the following forms in your markdown:

[http.Request]                     # symbol documentation; auto-linked as in Go doc strings
[Request]                          # short form, for symbols in the package being documented
[#12345](/issue/12345)             # GitHub issues
[CL 6789](/cl/6789)                # Gerrit changelists

For the release team

The relnote tool, at golang.org/x/build/cmd/relnote, operates on the files in doc/next.

As a release cycle nears completion, run relnote todo to get a list of unfinished release note work.

To prepare the release notes for a release, run relnote generate. That will merge the .md files in next into a single file.

To begin the next release development cycle, delete the contents of next and replace them with those of initial. From the repo root:

> cd doc
> rm -r next/*
> cp -r initial/* next

Then edit next/1-intro.md to refer to the next version.