
Commit 6f93f86

committed
crypto/tls: expand Config.CipherSuites docs
Fixes #29349 Change-Id: Iec16eb2b20b43250249ec85c3d78fd64d1b6e3f3 Reviewed-on: https://go-review.googlesource.com/c/158637 Reviewed-by: Brad Fitzpatrick <[email protected]>
1 parent 1e49021 commit 6f93f86


1 file changed

+7
-4
lines changed


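--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -199,7 +199,7 @@ type ConnectionState struct {
 Version uint16 // TLS version used by the connection (e.g. VersionTLS12)
 HandshakeComplete bool // TLS handshake is complete
 DidResume bool // connection resumes a previous TLS connection
-CipherSuite uint16 // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...)
+CipherSuite uint16 // cipher suite in use (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, ...)
 NegotiatedProtocol string // negotiated next protocol (not guaranteed to be from Config.NextProtos)
 NegotiatedProtocolIsMutual bool // negotiated protocol was advertised by server (client side only)
 ServerName string // server name requested by client, if any (server side only)
@@ -315,7 +315,7 @@ const (
 // guide certificate selection in the GetCertificate callback.
 type ClientHelloInfo struct {
 // CipherSuites lists the CipherSuites supported by the client (e.g.
-// TLS_RSA_WITH_RC4_128_SHA).
+// TLS_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256).
 CipherSuites []uint16
 
 // ServerName indicates the name of the server requested by the client
@@ -521,8 +521,11 @@ type Config struct {
 // This should be used only for testing.
 InsecureSkipVerify bool
 
-// CipherSuites is a list of supported cipher suites. If CipherSuites
-// is nil, TLS uses a list of suites supported by the implementation.
+// CipherSuites is a list of supported cipher suites for TLS versions up to
+// TLS 1.2. If CipherSuites is nil, a default list of secure cipher suites
+// is used, with a preference order based on hardware performance. The
+// default cipher suites might change over Go versions. Note that TLS 1.3
+// ciphersuites are not configurable.
 CipherSuites []uint16
 
 // PreferServerCipherSuites controls whether the server selects the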
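Review bot: The Config.CipherSuites comment should state outright that a non-nil list has no effect on connections that negotiate TLS 1.3; as written, a caller who sets the field to enforce an allow-list has to infer that from "not configurable". A closing sentence such as `// A non-nil CipherSuites does not restrict the suites negotiated for TLS 1.3.` would make the limit explicit. The same comment spells the term two ways ("cipher suites" and "ciphersuites"), and a single spelling would read better. In the ConnectionState hunk the CipherSuite example names only a TLS 1.2 suite while ClientHelloInfo.CipherSuites now names a TLS 1.3 one as well; presumably the negotiated value can be either, so the two examples could match. The Config struct continues outside the hunk.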
