From aed74b9ddf95a3cc824a50f8e222b8edf07b3b52 Mon Sep 17 00:00:00 2001 From: Jonathan Rudenberg Date: Tue, 14 Jul 2015 19:16:01 -0400 Subject: [PATCH] doc/go1.5.html: fix and expand crypto/tls changes - Fix incomplete description of minimum protocol version. - Add mention of the new ConnectionState.OCSPResponse field. - Clarify session ticket key rotation description. Change-Id: I6b62d30a4d0e0f84fd2c0e70e8f66ec14e6a5a90 Reviewed-on: https://go-review.googlesource.com/12197 Reviewed-by: Rob Pike --- doc/go1.5.html | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/doc/go1.5.html b/doc/go1.5.html index a7ff7e57e4..7c3a2f294a 100644 --- a/doc/go1.5.html +++ b/doc/go1.5.html @@ -792,19 +792,28 @@ This change guards against certain attacks.
  • The crypto/tls package -now defaults to TLS 1.0. +minimum protocol version now defaults to TLS 1.0. The old default, SSLv3, is still available through Config if needed.
  • -Also, the crypto/tls package +The crypto/tls package now supports Signed Certificate Timestamps (SCTs) as specified in RFC 6962. The server serves them if they are listed in the Certificate struct, and the client requests them and exposes them, if present, in its ConnectionState struct. -The crytpo/tls server implementation -will also now always call the + +
  • +The stapled OCSP response to a crypto/tls client connection, +previously only available via the +OCSPResponse method, +is now exposed in the ConnectionState struct. +
  • + +
  • +The crypto/tls server implementation +will now always call the GetCertificate function in the Config struct to select a certificate for the connection when none is supplied. @@ -813,7 +822,7 @@ to select a certificate for the connection when none is supplied.
  • Finally, the session ticket keys in the crypto/tls package -can now be rotated (changed periodically during an active connection). +can now be changed while the server is running. This is done through the new SetSessionTicketKeys method of the -- 2.50.0
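Review bot: In the first hunk (@@ -792,19 +792,28 @@), the added OCSP item says the stapled response "is now exposed in the ConnectionState struct" but never names the field, while the commit message calls it ConnectionState.OCSPResponse. The same sentence also mentions the older OCSPResponse method, so name the field explicitly to keep the two apart, for example "is now exposed in the OCSPResponse field of the ConnectionState struct". The SSLv3 sentence in this hunk has a similar gap: "is still available through Config if needed" does not say which Config setting brings SSLv3 back, and a release note that mentions re-enabling an older protocol version should name the setting.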
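Review bot: In the second hunk (@@ -813,7 +822,7 @@), the replacement text "can now be changed while the server is running" drops the word "rotated", although the commit message describes this item as the session ticket key rotation description. Consider keeping the term, for example "can now be rotated (changed while the server is running)", so the note can be found by anyone searching for ticket key rotation. It would also help to say whether tickets issued under the previous keys are still accepted after SetSessionTicketKeys is called, since that is the first thing an operator planning a rotation will need to know.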