go/doc/next/6-stdlib/99-minor/crypto/tls/75836.md

The following GODEBUG settings introduced in [Go 1.22](/doc/godebug#go-122)
and [Go 1.23](/doc/godebug#go-123) will be removed in the next major Go release.
Starting in Go 1.27, the new behavior will apply regardless of GODEBUG setting or go.mod language version.
- `tlsunsafeekm`: [ConnectionState.ExportKeyingMaterial] will require TLS 1.3 or Extended Master Secret.
- `tlsrsakex`: legacy RSA-only key exchanges without ECDH won't be enabled by default.
- `tls10server`: the default minimum TLS version for both clients and servers will be TLS 1.2.
- `tls3des`: the default cipher suites will not include 3DES.
- `x509keypairleaf`: [X509KeyPair] and [LoadX509KeyPair] will always populate the [Certificate.Leaf] field.
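
To find configuration that still sets one of these before upgrading, the added example below (not part of the Go release notes or the Go project's code) scans a `GODEBUG` environment value, go.mod `godebug` lines, and `//go:debug` directives for the five names listed above. The function name `FindRemovedGodebugs` and all sample inputs are constructed for illustration; defaults implied by an older `go` line in go.mod are not detected.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// removedIn127 lists the settings the note above says stop working in Go 1.27.
var removedIn127 = map[string]bool{
	"tlsunsafeekm": true, "tlsrsakex": true, "tls10server": true,
	"tls3des": true, "x509keypairleaf": true,
}

// FindRemovedGodebugs returns the sorted, de-duplicated "name=value" entries in
// text (a GODEBUG value, go.mod content, or //go:debug lines) that use a listed name.
func FindRemovedGodebugs(text string) []string {
	var out []string
	seen := map[string]bool{}
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		// Keep the payload of //go:debug directives; drop every other comment.
		if rest, ok := strings.CutPrefix(line, "//go:debug"); ok {
			line = rest
		} else if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i]
		}
		fields := strings.FieldsFunc(line, func(r rune) bool {
			return r == ',' || r == ' ' || r == '\t' || r == '(' || r == ')'
		})
		for _, f := range fields {
			name, _, ok := strings.Cut(f, "=")
			if ok && removedIn127[name] && !seen[f] {
				seen[f] = true
				out = append(out, f)
			}
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample inputs, not taken from any real project.
	env := "http2client=0,tlsrsakex=1,tls3des=1"
	gomod := "go 1.23\n\ngodebug (\n\ttls10server=1\n\tx509keypairleaf=0 // legacy\n)\n"
	src := "//go:debug tlsunsafeekm=1\npackage main\n"
	fmt.Println(FindRemovedGodebugs(env), FindRemovedGodebugs(gomod), FindRemovedGodebugs(src))
}
```

Any entry it reports is a setting that will be ignored from Go 1.27 on, so the dependency on the old behavior has to be removed or expressed through explicit `tls.Config` fields instead.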