From 31d373534e6b2582817585851f45b8af6386d023 Mon Sep 17 00:00:00 2001 From: Sean Liao Date: Fri, 21 Nov 2025 22:11:41 +0000 Subject: [PATCH] doc: pre-announce removal of 1.23 and earlier crypto GODEBUGs For #75316 Change-Id: Ife391b8c3e7fd2fec0e53b296d47b4756a787001 Reviewed-on: https://go-review.googlesource.com/c/go/+/723100 Reviewed-by: Dmitri Shuralyov LUCI-TryBot-Result: Go LUCI Reviewed-by: Filippo Valsorda Reviewed-by: Cherry Mui --- doc/godebug.md | 5 +++++ doc/next/6-stdlib/99-minor/crypto/tls/75836.md | 9 +++++++++ 2 files changed, 14 insertions(+) create mode 100644 doc/next/6-stdlib/99-minor/crypto/tls/75836.md diff --git a/doc/godebug.md b/doc/godebug.md index 0d1cd6b662..6163d134ce 100644 --- a/doc/godebug.md +++ b/doc/godebug.md @@ -334,6 +334,7 @@ any effect. Go 1.23 changed the default TLS cipher suites used by clients and servers when not explicitly configured, removing 3DES cipher suites. The default can be reverted using the [`tls3des` setting](/pkg/crypto/tls/#Config.CipherSuites). +This setting will be removed in Go 1.27. Go 1.23 changed the behavior of [`tls.X509KeyPair`](/pkg/crypto/tls#X509KeyPair) and [`tls.LoadX509KeyPair`](/pkg/crypto/tls#LoadX509KeyPair) to populate the @@ -341,6 +342,7 @@ Leaf field of the returned [`tls.Certificate`](/pkg/crypto/tls#Certificate). This behavior is controlled by the `x509keypairleaf` setting. For Go 1.23, it defaults to `x509keypairleaf=1`. Previous versions default to `x509keypairleaf=0`. +This setting will be removed in Go 1.27. Go 1.23 changed [`net/http.ServeContent`](/pkg/net/http#ServeContent), 
@@ -379,16 +381,19 @@ This setting will be removed in a future release, Go 1.27 at the earliest. Go 1.22 changed the default minimum TLS version supported by both servers and clients to TLS 1.2. The default can be reverted to TLS 1.0 using the [`tls10server` setting](/pkg/crypto/tls/#Config). +This setting will be removed in Go 1.27. Go 1.22 changed the default TLS cipher suites used by clients and servers when not explicitly configured, removing the cipher suites which used RSA based key exchange. The default can be reverted using the [`tlsrsakex` setting](/pkg/crypto/tls/#Config). +This setting will be removed in Go 1.27. Go 1.22 disabled [`ConnectionState.ExportKeyingMaterial`](/pkg/crypto/tls/#ConnectionState.ExportKeyingMaterial) when the connection supports neither TLS 1.3 nor Extended Master Secret (implemented in Go 1.21). It can be reenabled with the [`tlsunsafeekm` setting](/pkg/crypto/tls/#ConnectionState.ExportKeyingMaterial). +This setting will be removed in Go 1.27. Go 1.22 changed how the runtime interacts with transparent huge pages on Linux. In particular, a common default Linux kernel configuration can result in diff --git a/doc/next/6-stdlib/99-minor/crypto/tls/75836.md b/doc/next/6-stdlib/99-minor/crypto/tls/75836.md new file mode 100644 index 0000000000..33732800ef --- /dev/null +++ b/doc/next/6-stdlib/99-minor/crypto/tls/75836.md 
@@ -0,0 +1,9 @@ +The following GODEBUG settings introduced in [Go 1.22](/doc/godebug#go-122) +and [Go 1.23](/doc/godebug#go-123) will be removed in the next major Go release. +Starting in Go 1.27, the new behavior will apply regardless of GODEBUG setting or go.mod language version. + +- `tlsunsafeekm`: [ConnectionState.ExportKeyingMaterial] will require TLS 1.3 or Extended Master Secret. +- `tlsrsakex`: legacy RSA-only key exchanges without ECDH won't be enabled by default. +- `tls10server`: the default minimum TLS version for both clients and servers will be TLS 1.2. +- `tls3des`: the default cipher suites will not include 3DES. +- `x509keypairleaf`: [X509KeyPair] and [LoadX509KeyPair] will always populate the [Certificate.Leaf] field. -- 2.52.0
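Review bot: in the doc/godebug.md hunk at @@ -334 (and the matching `x509keypairleaf` line in the @@ -341 hunk) the added sentence `This setting will be removed in Go 1.27.` commits to a specific release, whereas the context line heading the @@ -379 hunk shows the existing wording for a neighbouring setting is `This setting will be removed in a future release, Go 1.27 at the earliest.` Use one form for all of these pre-announcements: if the 1.27 removal is now decided (the new release note says `Starting in Go 1.27`), update the older hedged entry in the same change; otherwise adopt the hedged wording here too.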
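Review bot: in the @@ -379 hunk the three added `This setting will be removed in Go 1.27.` lines give no migration hint, and for `tlsunsafeekm` the paragraph only says `ExportKeyingMaterial` is disabled when the connection supports neither TLS 1.3 nor Extended Master Secret. Anyone who has set `tlsunsafeekm=1` is by definition talking to peers without EMS, so consider one extra sentence telling them to move those peers to TLS 1.3 or Extended Master Secret before Go 1.27 rather than leaving the required action implied.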
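Review bot: the new release-note file is named `75836.md`, but the commit message trailer reads `For #75316`; files under `doc/next` are keyed by issue number, so confirm which issue this note belongs to and make the filename and the trailer agree (or reference both issues if both apply). Minor style point in the same hunk: `will be removed in the next major Go release` followed by `Starting in Go 1.27` says the same thing twice; naming the release once is enough.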