crypto/tls: enable TLS 1.3 by default

Updates #30055 Change-Id: I3e79dd7592673c5d76568b0bcded6c391c3be6b3 Reviewed-on: https://go-review.googlesource.com/c/163081 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-04-03 20:17:36 +03:00 · 2019-02-20 13:50:08 -05:00 · 2019-02-20 13:50:08 -05:00 · 5d20f2d294
commit 5d20f2d294
parent 2e9a42ccc2
3 changed files with 6 additions and 18 deletions
--- a/common.go
+++ b/common.go
@ -776,7 +776,7 @@ func (c *Config) supportedVersions(isClient bool) []uint16 {
 		if isClient && v < VersionTLS10 {
 			continue
 		}
-		// TLS 1.3 is opt-in in Go 1.12.
+		// TLS 1.3 is opt-out in Go 1.13.
 		if v == VersionTLS13 && !isTLS13Supported() {
 			continue
 		}
@ -791,11 +791,11 @@ var tls13Support struct {
 	cached bool
 }

-// isTLS13Supported returns whether the program opted into TLS 1.3 via
-// GODEBUG=tls13=1. It's cached after the first execution.
+// isTLS13Supported returns whether the program enabled TLS 1.3 by not opting
+// out with GODEBUG=tls13=0. It's cached after the first execution.
 func isTLS13Supported() bool {
 	tls13Support.Do(func() {
-		tls13Support.cached = goDebugString("tls13") == "1"
+		tls13Support.cached = goDebugString("tls13") != "0"
 	})
 	return tls13Support.cached
 }