diff options
author | Bas Westerbaan <[email protected]> | 2024-08-28 01:08:16 +0200 |
---|---|---|
committer | GitHub <[email protected]> | 2024-08-27 17:08:16 -0600 |
commit | dcbf38d0b370cc0f412157b11961dd0b0e007251 (patch) | |
tree | 18c17028280788046a9fcc5b3550275c7574a0da /cmd | |
parent | 2028da4e74cd41f0f7f94222c6599da1a371d4b8 (diff) | |
download | caddy-dcbf38d0b370cc0f412157b11961dd0b0e007251.tar.gz caddy-dcbf38d0b370cc0f412157b11961dd0b0e007251.zip |
tls: use Go default kex for the moment that include PQC (#6542)
By default Go 1.23 enables X25519Kyber768, a post-quantum key agreement
method that is enabled by default on Chrome. Go 1.23 does not expose
the CurveID, so we cannot add it by specifying it in CurvePreferences.
The reason is that X25519Kyber768 is a preliminary key agreement that
will be supplanted by X25519MLKEM768. For the moment there is value
in enabling it.
A consequence of this is that by default Caddy will enable support
for P-384 and P-521.
This PR also removes the special code to add support for X25519Kyber768
via the Cloudflare Go branch.
Cf #6540
Diffstat (limited to 'cmd')
-rw-r--r-- | cmd/caddy/main.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/cmd/caddy/main.go b/cmd/caddy/main.go index 48fa149aa..f1aeda0a4 100644 --- a/cmd/caddy/main.go +++ b/cmd/caddy/main.go @@ -1,3 +1,8 @@ +// The below line is required to enable post-quantum key agreement in Go 1.23 +// by default without insisting on setting a minimum version of 1.23 in go.mod. +// See https://github.com/caddyserver/caddy/issues/6540#issuecomment-2313094905 +//go:debug tlskyber=1 + // Copyright 2015 Matthew Holt and The Caddy Authors // // Licensed under the Apache License, Version 2.0 (the "License"); |