crypto/tls: Change TLS version to 1.1 in the package comment.

Also use 2048-bit RSA keys as default in generate_cert.go,
as recommended by the NIST.

R=golang-dev, rsc, bradfitz
CC=golang-dev
https://golang.org/cl/10676043

diff --git a/src/pkg/crypto/tls/generate_cert.go b/src/pkg/crypto/tls/generate_cert.go
index 215644d24358bde6a6468a18d2609e0c87248dfa..b417ea4640fef84fbac2d0dfc655f5ab6249bdd5 100644 (file)
--- a/src/pkg/crypto/tls/generate_cert.go
+++ b/src/pkg/crypto/tls/generate_cert.go
@@ -30,7 +30,7 @@ var (
        validFrom = flag.String("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011")
        validFor  = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for")
        isCA      = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority")
-       rsaBits   = flag.Int("rsa-bits", 1024, "Size of RSA key to generate")
+       rsaBits   = flag.Int("rsa-bits", 2048, "Size of RSA key to generate")
 )
 
 func main() {

diff --git a/src/pkg/crypto/tls/tls.go b/src/pkg/crypto/tls/tls.go
index 9230656d6a481d0fdc38d194cd2e959fef69ec9f..054e477618ada848331cce3db75f46b3d3d049e4 100644 (file)
--- a/src/pkg/crypto/tls/tls.go
+++ b/src/pkg/crypto/tls/tls.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package tls partially implements TLS 1.0, as specified in RFC 2246.
+// Package tls partially implements TLS 1.1, as specified in RFC 4346.
 package tls
 
 import (