From 75bdcc38efe72cda54e45b9d608946956e3534a8 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@golang.org>
Date: Tue, 8 Dec 2015 16:49:17 +0000
Subject: [PATCH] crypto/tls: document lack of Lucky13 hardening

Updates #13385

Change-Id: I9c2edf8c02adc388c48760b29e63dfa2966262d6
Reviewed-on: https://go-review.googlesource.com/17532
Reviewed-by: Tim Cooijmans <timcooijmans@gmail.com>
Reviewed-by: Adam Langley <agl@golang.org>
---
 tls.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tls.go b/tls.go
index 2554af6..c1d1331 100644
--- a/tls.go
+++ b/tls.go
@@ -5,6 +5,11 @@
 // Package tls partially implements TLS 1.2, as specified in RFC 5246.
 package tls
 
+// BUG(agl): The crypto/tls package does not implement countermeasures
+// against Lucky13 attacks on CBC-mode encryption. See
+// http://www.isg.rhul.ac.uk/tls/TLStiming.pdf and
+// https://www.imperialviolet.org/2013/02/04/luckythirteen.html.
+
 import (
 	"crypto"
 	"crypto/ecdsa"