You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
go crypto tls
About this tag
The Go crypto/tls tag covers discussions about the Go standard library's TLS implementation, including security vulnerabilities and their impact on enterprise environments. A notable topic is CVE-2022-30629, where session tickets in crypto/tls omitted a required ticket_age_add value, weakening session privacy by allowing network observers to correlate resumed TLS 1.3 connections. This issue is particularly relevant for Azure Linux (CBL-Mariner) users, as Microsoft highlighted its exposure. The tag also addresses fixes, workarounds, and broader implications for Go-based applications handling TLS in cloud or enterprise IT settings.
The Go standard library's TLS implementation shipped a small but consequential bug in 2022: session tickets created by crypto/tls omitted a randomly generated ticket_age_add value required by the TLS 1.3 specification. The result (tracked as CVE‑2022‑30629 / GO‑2022‑0531) is not a catastrophic...