You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Go 1.18 disabled the use of SHA1 in most X.509 certificates by default but added a GODEBUG for re-enabling them, to accommodate private CAs that might not have updated yet. https://go.dev/crypto/x509#InsecureAlgorithmError
Per https://go.dev/doc/godebug#go-118 we can remove that GODEBUG in Go 1.22 or later. The GKE team, which is the only team that reached out about needing to keep SHA1, has gathered metrics about their own dependence (via customers) on this setting, and they believe that they won't need it anymore after Go 1.23.
Unless there are other users who need us to keep the setting around longer, I propose that we retire the x509sha1 GODEBUG in Go 1.24. We would pre-announce this in the release notes for both Go 1.22 and Go 1.23.
The text was updated successfully, but these errors were encountered:
Go 1.18 disabled the use of SHA1 in most X.509 certificates by default but added a GODEBUG for re-enabling them, to accommodate private CAs that might not have updated yet. https://go.dev/crypto/x509#InsecureAlgorithmError
Per https://go.dev/doc/godebug#go-118 we can remove that GODEBUG in Go 1.22 or later. The GKE team, which is the only team that reached out about needing to keep SHA1, has gathered metrics about their own dependence (via customers) on this setting, and they believe that they won't need it anymore after Go 1.23.
Unless there are other users who need us to keep the setting around longer, I propose that we retire the x509sha1 GODEBUG in Go 1.24. We would pre-announce this in the release notes for both Go 1.22 and Go 1.23.
The text was updated successfully, but these errors were encountered: