doc: pre-announce removal of 1.23 and earlier crypto GODEBUGs

For #75316

Change-Id: Ife391b8c3e7fd2fec0e53b296d47b4756a787001
Reviewed-on: https://go-review.googlesource.com/c/go/+/723100
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>

diff --git a/doc/godebug.md b/doc/godebug.md
index 0d1cd6b6627af9edc2d35012f1b89e367f390027..6163d134ce0d4f54e1bbb9bc0a979f2381c4f080 100644 (file)
--- a/doc/godebug.md
+++ b/doc/godebug.md
@@ -334,6 +334,7 @@ any effect.
 Go 1.23 changed the default TLS cipher suites used by clients and servers when
 not explicitly configured, removing 3DES cipher suites. The default can be reverted
 using the [`tls3des` setting](/pkg/crypto/tls/#Config.CipherSuites).
+This setting will be removed in Go 1.27.
 
 Go 1.23 changed the behavior of [`tls.X509KeyPair`](/pkg/crypto/tls#X509KeyPair)
 and [`tls.LoadX509KeyPair`](/pkg/crypto/tls#LoadX509KeyPair) to populate the
@@ -341,6 +342,7 @@ Leaf field of the returned [`tls.Certificate`](/pkg/crypto/tls#Certificate).
 This behavior is controlled by the `x509keypairleaf` setting. For Go 1.23, it
 defaults to `x509keypairleaf=1`. Previous versions default to
 `x509keypairleaf=0`.
+This setting will be removed in Go 1.27.
 
 Go 1.23 changed
 [`net/http.ServeContent`](/pkg/net/http#ServeContent),
@@ -379,16 +381,19 @@ This setting will be removed in a future release, Go 1.27 at the earliest.
 Go 1.22 changed the default minimum TLS version supported by both servers
 and clients to TLS 1.2. The default can be reverted to TLS 1.0 using the
 [`tls10server` setting](/pkg/crypto/tls/#Config).
+This setting will be removed in Go 1.27.
 
 Go 1.22 changed the default TLS cipher suites used by clients and servers when
 not explicitly configured, removing the cipher suites which used RSA based key
 exchange. The default can be reverted using the [`tlsrsakex` setting](/pkg/crypto/tls/#Config).
+This setting will be removed in Go 1.27.
 
 Go 1.22 disabled
 [`ConnectionState.ExportKeyingMaterial`](/pkg/crypto/tls/#ConnectionState.ExportKeyingMaterial)
 when the connection supports neither TLS 1.3 nor Extended Master Secret
 (implemented in Go 1.21). It can be reenabled with the [`tlsunsafeekm`
 setting](/pkg/crypto/tls/#ConnectionState.ExportKeyingMaterial).
+This setting will be removed in Go 1.27.
 
 Go 1.22 changed how the runtime interacts with transparent huge pages on Linux.
 In particular, a common default Linux kernel configuration can result in

diff --git a/doc/next/6-stdlib/99-minor/crypto/tls/75836.md b/doc/next/6-stdlib/99-minor/crypto/tls/75836.md
new file mode 100644 (file)
index 0000000..3373280
--- /dev/null
+++ b/doc/next/6-stdlib/99-minor/crypto/tls/75836.md
@@ -0,0 +1,9 @@
+The following GODEBUG settings introduced in [Go 1.22](/doc/godebug#go-122)
+and [Go 1.23](/doc/godebug#go-123) will be removed in the next major Go release.
+Starting in Go 1.27, the new behavior will apply regardless of GODEBUG setting or go.mod language version.
+
+- `tlsunsafeekm`: [ConnectionState.ExportKeyingMaterial] will require TLS 1.3 or Extended Master Secret.
+- `tlsrsakex`: legacy RSA-only key exchanges without ECDH won't be enabled by default.
+- `tls10server`: the default minimum TLS version for both clients and servers will be TLS 1.2.
+- `tls3des`: the default cipher suites will not include 3DES.
+- `x509keypairleaf`: [X509KeyPair] and [LoadX509KeyPair] will always populate the [Certificate.Leaf] field.