crypto/tls: deprecate SSLv3 support

FiloSottile · FiloSottile · commit a6a7b148f874 · 2019-07-15T23:00:52.000Z
Updates #32716 Change-Id: Ia0c03918e8f2da4d9824c49c6d4cfca1b0787b0a Reviewed-on: https://go-review.googlesource.com/c/go/+/184102 Reviewed-by: Andrew Bonventre <andybons@golang.org>
diff --git a/doc/go1.13.html b/doc/go1.13.html
@@ -534,6 +534,14 @@ <h3 id="minor_library_changes">Minor changes to the library</h3>
 
 <dl id="crypto/tls"><dt><a href="/pkg/crypto/tls/">crypto/tls</a></dt>
   <dd>
+    <p>
+      Support for SSL version 3.0 (SSLv3) <a href="https://golang.org/issue/32716">
+      is now deprecated and will be removed in Go 1.14</a>. Note that SSLv3
+      <a href="https://tools.ietf.org/html/rfc7568">is cryptographically
+      broken</a>, is already disabled by default in <code>crypto/tls</code>,
+      and was never supported by Go clients.
+    </p>
+
     <p><!-- CL 177698 -->
       Ed25519 certificates are now supported in TLS versions 1.2 and 1.3.
     </p>
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
@@ -23,11 +23,14 @@ import (
 )
 
 const (
-	VersionSSL30 = 0x0300
 	VersionTLS10 = 0x0301
 	VersionTLS11 = 0x0302
 	VersionTLS12 = 0x0303
 	VersionTLS13 = 0x0304
+
+	// Deprecated: SSLv3 is cryptographically broken, and will be
+	// removed in Go 1.14. See golang.org/issue/32716.
+	VersionSSL30 = 0x0300
 )
 
 const (

Original file line number	Diff line number	Diff line change
`@@ -23,11 +23,14 @@ import (`
`23`	`23`	`)`
`24`	`24`
`25`	`25`	`const (`
`26`		`- VersionSSL30 = 0x0300`
`27`	`26`	`VersionTLS10 = 0x0301`
`28`	`27`	`VersionTLS11 = 0x0302`
`29`	`28`	`VersionTLS12 = 0x0303`
`30`	`29`	`VersionTLS13 = 0x0304`
	`30`	`+`
	`31`	`+ // Deprecated: SSLv3 is cryptographically broken, and will be`
	`32`	`+ // removed in Go 1.14. See golang.org/issue/32716.`
	`33`	`+ VersionSSL30 = 0x0300`
`31`	`34`	`)`
`32`	`35`
`33`	`36`	`const (`