doc/go1.15: add release notes for crypto/tls

Updates #37419

Change-Id: Ie81c0b03716799c132e90dc231ab816e6ae43469
Reviewed-on: https://go-review.googlesource.com/c/go/+/236166
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>

diff --git a/doc/go1.15.html b/doc/go1.15.html
index 73dbf89c2d23329a8009affe9906c1d3bbb80318..7506a6aa494b33ac1b93161dc7f1ba49262d49cf 100644 (file)
--- a/doc/go1.15.html
+++ b/doc/go1.15.html
@@ -406,6 +406,20 @@ TODO
       <a href="/pkg/crypto/tls/#Dialer.DialContext"><code>DialContext</code></a>
       method permits using a context to both connect and handshake with a TLS server.
     </p>
+
+    <p><!-- CL 229122 -->
+      The new
+      <a href="/pkg/crypto/tls/#Config.VerifyConnection"><code>VerifyConnection</code></a>
+      callback on the <a href="/pkg/crypto/tls/#Config"><code>Config</code></a> type
+      allows custom verification logic for every connection. It has access to the
+      <a href="/pkg/crypto/tls/#ConnectionState"><code>ConnectionState</code></a>
+      which includes peer certificates, SCTs, and stapled OCSP responses.
+    </p>
+
+    <p><!-- CL 230679 -->
+      Auto-generated session ticket keys are now automatically rotated every 24 hours,
+      with a lifetime of 7 days, to limit their impact on forward secrecy.
+    </p>
   </dd>
 </dl>