[release-branch.go1.12] crypto/tls, runtime: document GODEBUG TLS 1.3 option
Change-Id: I6801676335924414ce50249df2b7bea08886b203
Reviewed-on: https://go-review.googlesource.com/c/162360
Reviewed-by: Filippo Valsorda <filippo@golang.org>
(cherry picked from commit 48bb61166711f47eb401f245c704a5a4887d4503)
Reviewed-on: https://go-review.googlesource.com/c/162497
diff --git a/src/crypto/tls/tls.go b/src/crypto/tls/tls.go
index f8e32ab..578035c 100644
--- a/src/crypto/tls/tls.go
+++ b/src/crypto/tls/tls.go
@@ -4,6 +4,15 @@
// Package tls partially implements TLS 1.2, as specified in RFC 5246,
// and TLS 1.3, as specified in RFC 8446.
+//
+// TLS 1.3 is available only on an opt-in basis in Go 1.12. To enable
+// it, set the GODEBUG environment variable (comma-separated key=value
+// options) such that it includes "tls13=1". To enable it from within
+// the process, set the environment variable before any use of TLS:
+//
+// func init() {
+// os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
+// }
package tls
// BUG(agl): The crypto/tls package only implements some countermeasures
diff --git a/src/runtime/extern.go b/src/runtime/extern.go
index 437406d..e308dd3 100644
--- a/src/runtime/extern.go
+++ b/src/runtime/extern.go
@@ -127,7 +127,7 @@
IDs will refer to the ID of the goroutine at the time of creation; it's possible for this
ID to be reused for another goroutine. Setting N to 0 will report no ancestry information.
-The net and net/http packages also refer to debugging variables in GODEBUG.
+The net, net/http, and crypto/tls packages also refer to debugging variables in GODEBUG.
See the documentation for those packages for details.
The GOMAXPROCS variable limits the number of operating system threads that
