From 41b1defab367379e5c81e62149b59e443e2847cb Mon Sep 17 00:00:00 2001 From: Thomas Vaillant Date: Thu, 20 Feb 2025 21:12:13 +0100 Subject: [PATCH 1/2] doc: TLS TL;DR bug discalmer --- doc/godebug.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/godebug.md b/doc/godebug.md index cdc09ddcc4792d..ffaa3527e07239 100644 --- a/doc/godebug.md +++ b/doc/godebug.md @@ -217,6 +217,8 @@ field by default. Go 1.24 enabled the post-quantum key exchange mechanism X25519MLKEM768 by default. The default can be reverted using the [`tlsmlkem` setting](/pkg/crypto/tls/#Config.CurvePreferences). +This is can be useful when dealing with legacy TLS servers that do not handle large records correctly, +causing a timeout during the handshake (bug known as [TLS post-quantum TL;DR fail](https://tldr.fail/)). Go 1.24 also removed X25519Kyber768Draft00 and the Go 1.23 `tlskyber` setting. Go 1.24 made [`ParsePKCS1PrivateKey`](/pkg/crypto/x509/#ParsePKCS1PrivateKey) @@ -253,6 +255,8 @@ Previous versions default to `winreadlinkvolume=0`. Go 1.23 enabled the experimental post-quantum key exchange mechanism X25519Kyber768Draft00 by default. The default can be reverted using the [`tlskyber` setting](/pkg/crypto/tls/#Config.CurvePreferences). +This is can be useful when dealing with legacy TLS servers that do not handle large records correctly, +causing a timeout during the handshake (bug known as [TLS post-quantum TL;DR fail](https://tldr.fail/)). Go 1.23 changed the behavior of [crypto/x509.ParseCertificate](/pkg/crypto/x509/#ParseCertificate) to reject From 476e6462dfc7db8c2a47a25dcb7eb342264aabad Mon Sep 17 00:00:00 2001 From: Thomas Vaillant Date: Thu, 20 Feb 2025 23:27:16 +0100 Subject: [PATCH 2/2] fix typo and rephrase --- doc/godebug.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/godebug.md b/doc/godebug.md index ffaa3527e07239..c1ef9115a0234f 100644 --- a/doc/godebug.md +++ b/doc/godebug.md 
@@ -217,8 +217,8 @@ field by default. Go 1.24 enabled the post-quantum key exchange mechanism X25519MLKEM768 by default. The default can be reverted using the [`tlsmlkem` setting](/pkg/crypto/tls/#Config.CurvePreferences). -This is can be useful when dealing with legacy TLS servers that do not handle large records correctly, -causing a timeout during the handshake (bug known as [TLS post-quantum TL;DR fail](https://tldr.fail/)). +This can be useful when dealing with buggy TLS servers that do not handle large records correctly, +causing a timeout during the handshake (see [TLS post-quantum TL;DR fail](https://tldr.fail/)). Go 1.24 also removed X25519Kyber768Draft00 and the Go 1.23 `tlskyber` setting. Go 1.24 made [`ParsePKCS1PrivateKey`](/pkg/crypto/x509/#ParsePKCS1PrivateKey) @@ -255,8 +255,8 @@ Previous versions default to `winreadlinkvolume=0`. Go 1.23 enabled the experimental post-quantum key exchange mechanism X25519Kyber768Draft00 by default. The default can be reverted using the [`tlskyber` setting](/pkg/crypto/tls/#Config.CurvePreferences). -This is can be useful when dealing with legacy TLS servers that do not handle large records correctly, -causing a timeout during the handshake (bug known as [TLS post-quantum TL;DR fail](https://tldr.fail/)). +This can be useful when dealing with buggy TLS servers that do not handle large records correctly, +causing a timeout during the handshake (see [TLS post-quantum TL;DR fail](https://tldr.fail/)). Go 1.23 changed the behavior of [crypto/x509.ParseCertificate](/pkg/crypto/x509/#ParseCertificate) to reject
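Review bot: Both added sentences in [PATCH 1/2] begin "This is can be useful", the subject line spells "discalmer", and [PATCH 2/2] only rewrites the same four lines that 1/2 added. Squash the two commits so the series never introduces the broken sentence, and correct the subject to "disclaimer" in the squashed commit.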
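Review bot: The sentence added in the Go 1.24 hunk of [PATCH 2/2] (@@ -217,8 +217,8 @@) recommends reverting the default without saying how far the revert reaches. A GODEBUG setting applies to the whole program, so `tlsmlkem` turns X25519MLKEM768 off for every connection, not only the one to the buggy server. The paragraph already links to Config.CurvePreferences, so consider adding that a single affected peer can be handled by setting CurvePreferences on the one Config used for it. Separately, "This can be useful" has no clear referent and "large records" does not say what becomes large once the mechanism is enabled; "Reverting the default can be useful when ..." plus a few words tying the size to the post-quantum key exchange would let the sentence stand without following the tldr.fail link.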
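Review bot: In the Go 1.23 hunk of [PATCH 2/2] (@@ -255,8 +255,8 @@), the new sentence presents `tlskyber` as a usable workaround, but the context line in the Go 1.24 hunk states "Go 1.24 also removed X25519Kyber768Draft00 and the Go 1.23 `tlskyber` setting." Qualify the sentence so it is clear the advice applies to Go 1.23 only, and point readers on later releases to `tlsmlkem`. The text is also a verbatim copy of the Go 1.24 sentence; if both stay, keep the 1.23 copy short and refer to the 1.24 entry for the explanation so the two do not drift apart.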