
Commit b792550

thomvaill authored and gopherbot committed
doc: add a disclaimer for the TLS handshake timeouts TL;DR bug in godebug.md

Relates to golang/go#71257.

Since post-quantum TLS algorithms are enabled by default, we should warn about the possible bugs with legacy servers (see https://tldr.fail/)

Change-Id: Id5a565c2959c5b0f7b8bdd53ce9e70b191c4bf38
GitHub-Last-Rev: a709e6f
GitHub-Pull-Request: #311
Reviewed-on: https://go-review.googlesource.com/c/website/+/650857
Reviewed-by: Ian Lance Taylor <[email protected]>
Reviewed-by: Roland Shoemaker <[email protected]>
Auto-Submit: Ian Lance Taylor <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
1 parent 727aff0 commit b792550


2 files changed

+4
-0
lines changed


_content/doc/go1.23.md

+2
@@ -293,6 +293,8 @@ the GODEBUG environment variable.
293293
The experimental post-quantum key exchange mechanism X25519Kyber768Draft00
294294
is now enabled by default when [`Config.CurvePreferences`](/pkg/crypto/tls#Config.CurvePreferences) is nil.
295295
The default can be reverted by adding `tlskyber=0` to the GODEBUG environment variable.
296+
This can be useful when dealing with buggy TLS servers that do not handle large records correctly,
297+
causing a timeout during the handshake (see [TLS post-quantum TL;DR fail](https://tldr.fail/)).
296298

297299
Go 1.23 changed the behavior of [`X509KeyPair`](/pkg/crypto/tls#X509KeyPair) and [`LoadX509KeyPair`](/pkg/crypto/tls#LoadX509KeyPair)
298300
to populate the [`Certificate.Leaf`](/pkg/crypto/tls#Certificate.Leaf) field of the returned [`Certificate`](/pkg/crypto/tls#Certificate).
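Review bot: The two added lines offer only the process-wide `tlskyber=0` GODEBUG as the workaround, although the context line just above says the key exchange is on by default only when `Config.CurvePreferences` is nil. It would help to mention that setting `Config.CurvePreferences` explicitly on the client that talks to the affected server avoids the default for that connection alone, without turning the post-quantum key exchange off for the whole program. The phrase "large records" would also read better if it said which handshake message grows and that the growth comes from the post-quantum key exchange, so the reader does not have to follow the link to connect the symptom to this setting.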

_content/doc/go1.24.md

+2
@@ -480,6 +480,8 @@ The new post-quantum [`X25519MLKEM768`](/pkg/crypto/tls#X25519MLKEM768) key
480480
exchange mechanism is now supported and is enabled by default when
481481
[`Config.CurvePreferences`](/pkg/crypto/tls#Config.CurvePreferences) is nil.
482482
[GODEBUG setting](/doc/godebug) `tlsmlkem=0` reverts the default.
483+
This can be useful when dealing with buggy TLS servers that do not handle large records correctly,
484+
causing a timeout during the handshake (see [TLS post-quantum TL;DR fail](https://tldr.fail/)).
483485

484486
Support for the experimental `X25519Kyber768Draft00` key exchange has been removed.
485487
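Review bot: The added sentence after `tlsmlkem=0` repeats the go1.23.md wording verbatim, but the next context line says support for `X25519Kyber768Draft00` has been removed, and nothing here tells a reader who set `tlskyber=0` on the go1.23 advice that `tlsmlkem=0` is now the setting to use for the same handshake-timeout symptom. Consider adding a short clause to that effect. As in the go1.23 note, it would also be worth pointing out that a non-nil `Config.CurvePreferences` is a narrower alternative to the GODEBUG. Separately, the commit subject says the disclaimer goes in godebug.md, while the two files changed are go1.23.md and go1.24.md; either the subject should name the release notes or the same warning should also be added next to the settings in godebug.md.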
