crypto/tls, runtime: document GODEBUG TLS 1.3 option

Change-Id: I6801676335924414ce50249df2b7bea08886b203
Reviewed-on: https://go-review.googlesource.com/c/162360
Reviewed-by: Filippo Valsorda <filippo@golang.org>

diff --git a/src/crypto/tls/tls.go b/src/crypto/tls/tls.go
index f8e32ab495107a5aa7f1335e6c2af5b759b619be..578035cf731115ca6afb0c2b9003615fb2171786 100644 (file)
--- a/src/crypto/tls/tls.go
+++ b/src/crypto/tls/tls.go
@@ -4,6 +4,15 @@
 
 // Package tls partially implements TLS 1.2, as specified in RFC 5246,
 // and TLS 1.3, as specified in RFC 8446.
+//
+// TLS 1.3 is available only on an opt-in basis in Go 1.12. To enable
+// it, set the GODEBUG environment variable (comma-separated key=value
+// options) such that it includes "tls13=1". To enable it from within
+// the process, set the environment variable before any use of TLS:
+//
+//     func init() {
+//         os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
+//     }
 package tls
 
 // BUG(agl): The crypto/tls package only implements some countermeasures

diff --git a/src/runtime/extern.go b/src/runtime/extern.go
index 437406d9910100eed7225169d25fb6220bac9d9a..e308dd38b1bc76da5f98f7aaa4530c0008972855 100644 (file)
--- a/src/runtime/extern.go
+++ b/src/runtime/extern.go
@@ -127,7 +127,7 @@ It is a comma-separated list of name=val pairs setting these named variables:
        IDs will refer to the ID of the goroutine at the time of creation; it's possible for this
        ID to be reused for another goroutine. Setting N to 0 will report no ancestry information.
 
-The net and net/http packages also refer to debugging variables in GODEBUG.
+The net, net/http, and crypto/tls packages also refer to debugging variables in GODEBUG.
 See the documentation for those packages for details.
 
 The GOMAXPROCS variable limits the number of operating system threads that