doc: pre-announce removal of 1.23 and earlier crypto GODEBUGs

For #75316 Change-Id: Ife391b8c3e7fd2fec0e53b296d47b4756a787001 Reviewed-on: https://go-review.googlesource.com/c/go/+/723100 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com>
2025-12-08 06:10:04 +00:00 · 2025-11-21 22:11:41 +00:00 · 2025-11-21 22:11:41 +00:00 · 31d373534e
commit 31d373534e
parent aa093eed83
2 changed files with 14 additions and 0 deletions
--- a/doc/godebug.md
+++ b/doc/godebug.md
@ -334,6 +334,7 @@ any effect.
 Go 1.23 changed the default TLS cipher suites used by clients and servers when
 not explicitly configured, removing 3DES cipher suites. The default can be reverted
 using the [`tls3des` setting](/pkg/crypto/tls/#Config.CipherSuites).
+This setting will be removed in Go 1.27.

 Go 1.23 changed the behavior of [`tls.X509KeyPair`](/pkg/crypto/tls#X509KeyPair)
 and [`tls.LoadX509KeyPair`](/pkg/crypto/tls#LoadX509KeyPair) to populate the
@ -341,6 +342,7 @@ Leaf field of the returned [`tls.Certificate`](/pkg/crypto/tls#Certificate).
 This behavior is controlled by the `x509keypairleaf` setting. For Go 1.23, it
 defaults to `x509keypairleaf=1`. Previous versions default to
 `x509keypairleaf=0`.
+This setting will be removed in Go 1.27.

 Go 1.23 changed
 [`net/http.ServeContent`](/pkg/net/http#ServeContent),
@ -379,16 +381,19 @@ This setting will be removed in a future release, Go 1.27 at the earliest.
 Go 1.22 changed the default minimum TLS version supported by both servers
 and clients to TLS 1.2. The default can be reverted to TLS 1.0 using the
 [`tls10server` setting](/pkg/crypto/tls/#Config).
+This setting will be removed in Go 1.27.

 Go 1.22 changed the default TLS cipher suites used by clients and servers when
 not explicitly configured, removing the cipher suites which used RSA based key
 exchange. The default can be reverted using the [`tlsrsakex` setting](/pkg/crypto/tls/#Config).
+This setting will be removed in Go 1.27.

 Go 1.22 disabled
 [`ConnectionState.ExportKeyingMaterial`](/pkg/crypto/tls/#ConnectionState.ExportKeyingMaterial)
 when the connection supports neither TLS 1.3 nor Extended Master Secret
 (implemented in Go 1.21). It can be reenabled with the [`tlsunsafeekm`
 setting](/pkg/crypto/tls/#ConnectionState.ExportKeyingMaterial).
+This setting will be removed in Go 1.27.

 Go 1.22 changed how the runtime interacts with transparent huge pages on Linux.
 In particular, a common default Linux kernel configuration can result in
--- a/doc/next/6-stdlib/99-minor/crypto/tls/75836.md
+++ b/doc/next/6-stdlib/99-minor/crypto/tls/75836.md
@ -0,0 +1,9 @@
+The following GODEBUG settings introduced in [Go 1.22](/doc/godebug#go-122)
+and [Go 1.23](/doc/godebug#go-123) will be removed in the next major Go release.
+Starting in Go 1.27, the new behavior will apply regardless of GODEBUG setting or go.mod language version.
+
+- `tlsunsafeekm`: [ConnectionState.ExportKeyingMaterial] will require TLS 1.3 or Extended Master Secret.
+- `tlsrsakex`: legacy RSA-only key exchanges without ECDH won't be enabled by default.
+- `tls10server`: the default minimum TLS version for both clients and servers will be TLS 1.2.
+- `tls3des`: the default cipher suites will not include 3DES.
+- `x509keypairleaf`: [X509KeyPair] and [LoadX509KeyPair] will always populate the [Certificate.Leaf] field.