diff options
author | Filippo Valsorda <filippo@golang.org> | 2021-06-15 10:59:58 -0400 |
---|---|---|
committer | Filippo Valsorda <filippo@golang.org> | 2021-06-21 14:58:02 +0000 |
commit | 7a5e7047a4606e1deab7d4adcf9f057c7f8ce88c (patch) | |
tree | ea9b2563e18a8dfb49e024357d15833ed671b39e /doc | |
parent | 85a2e24afd87d94c62f78672dc28c1991b2a271c (diff) | |
download | go-7a5e7047a4606e1deab7d4adcf9f057c7f8ce88c.tar.gz go-7a5e7047a4606e1deab7d4adcf9f057c7f8ce88c.zip |
doc/go1.17: add Go 1.18 pre-announcements
Updates #41682
Updates #45428
Change-Id: Ia31d454284f0e114bd29ba398a2858fc90454032
Reviewed-on: https://go-review.googlesource.com/c/go/+/327811
Trust: Filippo Valsorda <filippo@golang.org>
Trust: Katie Hockman <katie@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/go1.17.html | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/go1.17.html b/doc/go1.17.html index f1b3e3fdc7..c9b64da244 100644 --- a/doc/go1.17.html +++ b/doc/go1.17.html @@ -629,6 +629,15 @@ func Foo() bool { weakness</a>. They are still enabled by default but only as a last resort, thanks to the cipher suite ordering change above. </p> + + <p><!-- golang.org/issue/45428 --> + Beginning in the next release, Go 1.18, the + <a href="/pkg/crypto/tls/#Config.MinVersion"><code>Config.MinVersion</code></a> + for <code>crypto/tls</code> clients will default to TLS 1.2, disabling TLS 1.0 + and TLS 1.1 by default. Applications will be able to override the change by + explicitly setting <code>Config.MinVersion</code>. + This will not affect <code>crypto/tls</code> servers. + </p> </dd> </dl><!-- crypto/tls --> @@ -656,6 +665,14 @@ func Foo() bool { roots. This adds support for the new system trusted certificate store in FreeBSD 12.2+. </p> + + <p><!-- golang.org/issue/41682 --> + Beginning in the next release, Go 1.18, <code>crypto/x509</code> will + reject certificates signed with the SHA-1 hash function. This doesn't + apply to self-signed root certificates. Practical attacks against SHA-1 + <a href="https://shattered.io/">have been demonstrated in 2017</a> and publicly + trusted Certificate Authorities have not issued SHA-1 certificates since 2015. + </p> </dd> </dl><!-- crypto/x509 --> |