The Go standard library's TLS implementation shipped a small but consequential bug in 2022: session tickets created by crypto/tls omitted a randomly generated ticket_age_add value required by the TLS 1.3 specification. The result (tracked as CVE‑2022‑30629 / GO‑2022‑0531) is not a catastrophic...
