1
0
mirror of https://github.com/golang/go synced 2024-11-22 20:24:47 -07:00

doc/go1.17: add Go 1.18 pre-announcements

Updates #41682
Updates #45428

Change-Id: Ia31d454284f0e114bd29ba398a2858fc90454032
Reviewed-on: https://go-review.googlesource.com/c/go/+/327811
Trust: Filippo Valsorda <filippo@golang.org>
Trust: Katie Hockman <katie@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
This commit is contained in:
Filippo Valsorda 2021-06-15 10:59:58 -04:00
parent 85a2e24afd
commit 7a5e7047a4

View File

@ -629,6 +629,15 @@ func Foo() bool {
weakness</a>. They are still enabled by default but only as a last resort,
thanks to the cipher suite ordering change above.
</p>
<p><!-- golang.org/issue/45428 -->
Beginning in the next release, Go 1.18, the
<a href="/pkg/crypto/tls/#Config.MinVersion"><code>Config.MinVersion</code></a>
for <code>crypto/tls</code> clients will default to TLS 1.2, disabling TLS 1.0
and TLS 1.1 by default. Applications will be able to override the change by
explicitly setting <code>Config.MinVersion</code>.
This will not affect <code>crypto/tls</code> servers.
</p>
</dd>
</dl><!-- crypto/tls -->
@ -656,6 +665,14 @@ func Foo() bool {
roots. This adds support for the new system trusted certificate store in
FreeBSD 12.2+.
</p>
<p><!-- golang.org/issue/41682 -->
Beginning in the next release, Go 1.18, <code>crypto/x509</code> will
reject certificates signed with the SHA-1 hash function. This doesn't
apply to self-signed root certificates. Practical attacks against SHA-1
<a href="https://shattered.io/">have been demonstrated in 2017</a> and publicly
trusted Certificate Authorities have not issued SHA-1 certificates since 2015.
</p>
</dd>
</dl><!-- crypto/x509 -->