Closed
Labels: FrozenDueToAge, NeedsFix (The path to resolution is known, but the work has not been done.), release-blocker
Description
It seems clear from the history of filed issues that some users will experience minor disruptions when switching to TLS 1.3. For disruptive changes like that, we typically do one or more releases in which the new feature is opt-in, with a prominent announcement about when it will turn on by default. Then we do at least one release with the feature opt-out. (Past examples include HTTP/2, vendor directories, and modules.)
Especially given how central TLS is to so many Go users (any HTTPS client or server!), it seems like we should do that for TLS 1.3 too:
- Make TLS 1.3 available in Go 1.12 but opt-in (off by default).
- Make clear in the release notes and package docs how to turn on TLS 1.3.
- Make clear in the release notes that TLS 1.3 will turn on by default in Go 1.13.
- Make TLS 1.3 in Go 1.13 opt-out (on by default).
Following the HTTP/2 example my suggestion would be to use `GODEBUG=tls13=1` for opt-in now, and `GODEBUG=tls13=0` for opt-out later.
/cc @FiloSottile
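One way to observe which protocol version a Go HTTPS client and server actually negotiate, so the effect of an opt-in or opt-out switch like the one proposed above can be checked before and after a toolchain upgrade. This is an added example, not part of the issue or of the Go project's code; the helper name `negotiate` is hypothetical, and capping the version per client with `tls.Config.MaxVersion` is this example's choice rather than the `GODEBUG` mechanism the issue proposes.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
)

// negotiate starts a throwaway HTTPS server on loopback, makes one request
// with the client's TLS version capped at maxVersion (0 means "library
// default"), and returns the protocol version that was actually negotiated.
// Hypothetical helper written for this example.
func negotiate(maxVersion uint16) (uint16, error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) {
			w.WriteHeader(http.StatusNoContent)
		}))
	defer srv.Close()

	// srv.Client() already trusts the test server's certificate.
	client := srv.Client()
	client.Transport.(*http.Transport).TLSClientConfig.MaxVersion = maxVersion

	resp, err := client.Get(srv.URL)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	if resp.TLS == nil {
		return 0, fmt.Errorf("response did not arrive over TLS")
	}
	return resp.TLS.Version, nil
}

func main() {
	// Show the process-level setting in effect alongside the results.
	fmt.Printf("GODEBUG=%q\n", os.Getenv("GODEBUG"))
	for _, max := range []uint16{0, tls.VersionTLS12, tls.VersionTLS13} {
		v, err := negotiate(max)
		if err != nil {
			fmt.Printf("max=%#04x: handshake failed: %v\n", max, err)
			continue
		}
		fmt.Printf("max=%#04x: negotiated %#04x\n", max, v)
	}
}
```

In the output, `0x0303` is TLS 1.2 and `0x0304` is TLS 1.3; the `max=0x0000` row shows what the toolchain's default produces.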