From bddf75d88859b8454f67de32510d8488329d0f2b Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Mon, 8 Jun 2020 13:58:12 -0400
Subject: [PATCH] doc/go1.15: add more release notes for crypto/tls

Updates #37419

Change-Id: I5e03adbf6d215d65aedbdeb7bdfe1ead8a838877
Reviewed-on: https://go-review.googlesource.com/c/go/+/236921
Reviewed-by: Katie Hockman <katie@golang.org>
---
 doc/go1.15.html | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/doc/go1.15.html b/doc/go1.15.html
index 1e39493cba..7a49e1fa1f 100644
--- a/doc/go1.15.html
+++ b/doc/go1.15.html
@@ -463,8 +463,27 @@ TODO
       Auto-generated session ticket keys are now automatically rotated every 24 hours,
       with a lifetime of 7 days, to limit their impact on forward secrecy.
     </p>
+
+    <p><!-- CL 231317 -->
+      Session ticket lifetimes in TLS 1.2 and earlier, where the session keys
+      are reused for resumed connections, are now limited to 7 days, also to
+      limit their impact on forward secrecy.
+    </p>
+
+    <p><!-- CL 231038 -->
+      The client-side downgrade protection checks specified in RFC 8446 are now
+      enforced. This has the potential to cause connection errors for clients
+      encountering middleboxes that behave like unauthorized downgrade attacks.
+    </p>
+
+    <p><!-- CL 208226 -->
+      <a href="/pkg/crypto/tls/#SignatureScheme"><code>SignatureScheme</code></a>,
+      <a href="/pkg/crypto/tls/#CurveID"><code>CurveID</code></a>, and
+      <a href="/pkg/crypto/tls/#ClientAuthType"><code>ClientAuthType</code></a>
+      now implement <a href="/pkg/fmt/#Stringer"><code>fmt.Stringer</code></a>.
+    </p>
   </dd>
-</dl>
+</dl><!-- crypto/tls -->
 
 <dl id="crypto/x509"><dt><a href="/pkg/crypto/x509/">crypto/x509</a></dt>
   <dd>
-- 
2.50.0