From 7a5e7047a4606e1deab7d4adcf9f057c7f8ce88c Mon Sep 17 00:00:00 2001 From: Filippo Valsorda Date: Tue, 15 Jun 2021 10:59:58 -0400 Subject: doc/go1.17: add Go 1.18 pre-announcements Updates #41682 Updates #45428 Change-Id: Ia31d454284f0e114bd29ba398a2858fc90454032 Reviewed-on: https://go-review.googlesource.com/c/go/+/327811 Trust: Filippo Valsorda Trust: Katie Hockman Reviewed-by: Katie Hockman --- doc/go1.17.html | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'doc') diff --git a/doc/go1.17.html b/doc/go1.17.html index f1b3e3fdc7..c9b64da244 100644 --- a/doc/go1.17.html +++ b/doc/go1.17.html @@ -629,6 +629,15 @@ func Foo() bool { weakness. They are still enabled by default but only as a last resort, thanks to the cipher suite ordering change above.

+ +

+ Beginning in the next release, Go 1.18, the + Config.MinVersion + for crypto/tls clients will default to TLS 1.2, disabling TLS 1.0 + and TLS 1.1 by default. Applications will be able to override the change by + explicitly setting Config.MinVersion. + This will not affect crypto/tls servers. +

@@ -656,6 +665,14 @@ func Foo() bool { roots. This adds support for the new system trusted certificate store in FreeBSD 12.2+.

+ +

+ Beginning in the next release, Go 1.18, crypto/x509 will + reject certificates signed with the SHA-1 hash function. This doesn't + apply to self-signed root certificates. Practical attacks against SHA-1 + have been demonstrated in 2017 and publicly + trusted Certificate Authorities have not issued SHA-1 certificates since 2015. +

-- cgit v1.2.3-54-g00ecf