doc/go1.17: add Go 1.18 pre-announcements

Updates #41682 Updates #45428 Change-Id: Ia31d454284f0e114bd29ba398a2858fc90454032 Reviewed-on: https://go-review.googlesource.com/c/go/+/327811 Trust: Filippo Valsorda <filippo@golang.org> Trust: Katie Hockman <katie@golang.org> Reviewed-by: Katie Hockman <katie@golang.org>
golang · Jun 21, 2021 · 7a5e704 · 7a5e704
1 parent 85a2e24
commit 7a5e704
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/doc/go1.17.html b/doc/go1.17.html
@@ -629,6 +629,15 @@ <h3 id="minor_library_changes">Minor changes to the library</h3>
  weakness</a>. They are still enabled by default but only as a last resort,
  thanks to the cipher suite ordering change above.
  </p>
+
+ <p><!-- golang.org/issue/45428 -->
+ Beginning in the next release, Go 1.18, the
+ <a href="/pkg/crypto/tls/#Config.MinVersion"><code>Config.MinVersion</code></a>
+ for <code>crypto/tls</code> clients will default to TLS 1.2, disabling TLS 1.0
+ and TLS 1.1 by default. Applications will be able to override the change by
+ explicitly setting <code>Config.MinVersion</code>.
+ This will not affect <code>crypto/tls</code> servers.
+ </p>
  </dd>
 </dl><!-- crypto/tls -->
 
@@ -656,6 +665,14 @@ <h3 id="minor_library_changes">Minor changes to the library</h3>
  roots. This adds support for the new system trusted certificate store in
  FreeBSD 12.2+.
  </p>
+
+ <p><!-- golang.org/issue/41682 -->
+ Beginning in the next release, Go 1.18, <code>crypto/x509</code> will
+ reject certificates signed with the SHA-1 hash function. This doesn't
+ apply to self-signed root certificates. Practical attacks against SHA-1
+ <a href="https://shattered.io/">have been demonstrated in 2017</a> and publicly
+ trusted Certificate Authorities have not issued SHA-1 certificates since 2015.
+ </p>
  </dd>
 </dl><!-- crypto/x509 -->