crypto/tls: document FIPS 140-3 mode behavior

Change-Id: I6a6a465612cf76d148b9758ee3fcdc8606497830
Reviewed-on: https://go-review.googlesource.com/c/go/+/648835
Reviewed-by: Daniel McCarney <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Filippo Valsorda <[email protected]>
Reviewed-by: Roland Shoemaker <[email protected]>
Reviewed-by: Ian Lance Taylor <[email protected]>

Author: FiloSottile

src/crypto/tls/tls.go

@@ -4,6 +4,15 @@
 
 // Package tls partially implements TLS 1.2, as specified in RFC 5246,
 // and TLS 1.3, as specified in RFC 8446.
+//
+// # FIPS 140-3 mode
+//
+// When the program is in [FIPS 140-3 mode], this package behaves as if
+// only protocol versions, cipher suites, signature algorithms, and
+// key exchange algorithms approved by NIST SP 800-52r2 are implemented.
+// Others are silently ignored and not negotiated.
+//
+// [FIPS 140-3 mode]: https://go.dev/doc/security/fips140
 package tls
 
 // BUG(agl): The crypto/tls package only implements some countermeasures