aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--cmd/caddy/main.go5
-rw-r--r--modules/caddytls/cf.go24
-rw-r--r--modules/caddytls/connpolicy.go10
-rw-r--r--modules/caddytls/values.go5
4 files changed, 19 insertions, 25 deletions
diff --git a/cmd/caddy/main.go b/cmd/caddy/main.go
index 48fa149aa..f1aeda0a4 100644
--- a/cmd/caddy/main.go
+++ b/cmd/caddy/main.go
@@ -1,3 +1,8 @@
+// The below line is required to enable post-quantum key agreement in Go 1.23
+// by default without insisting on setting a minimum version of 1.23 in go.mod.
+// See https://github.com/caddyserver/caddy/issues/6540#issuecomment-2313094905
+//go:debug tlskyber=1
+
// Copyright 2015 Matthew Holt and The Caddy Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/modules/caddytls/cf.go b/modules/caddytls/cf.go
deleted file mode 100644
index e61a59c09..000000000
--- a/modules/caddytls/cf.go
+++ /dev/null
@@ -1,24 +0,0 @@
-//go:build cfgo
-
-package caddytls
-
-// This file adds support for X25519Kyber768Draft00, a post-quantum
-// key agreement that is currently being rolled out by Chrome [1]
-// and Cloudflare [2,3]. For more context, see the PR [4].
-//
-// [1] https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html
-// [2] https://blog.cloudflare.com/post-quantum-for-all/
-// [3] https://blog.cloudflare.com/post-quantum-to-origins/
-// [4] https://github.com/caddyserver/caddy/pull/5852
-
-import (
- "crypto/tls"
-)
-
-func init() {
- SupportedCurves["X25519Kyber768Draft00"] = tls.X25519Kyber768Draft00
- defaultCurves = append(
- []tls.CurveID{tls.X25519Kyber768Draft00},
- defaultCurves...,
- )
-}
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 4ec0e673a..e2890c848 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -841,7 +841,15 @@ func setDefaultTLSParams(cfg *tls.Config) {
cfg.CipherSuites = append([]uint16{tls.TLS_FALLBACK_SCSV}, cfg.CipherSuites...)
if len(cfg.CurvePreferences) == 0 {
- cfg.CurvePreferences = defaultCurves
+ // We would want to write
+ //
+ // cfg.CurvePreferences = defaultCurves
+ //
+ // but that would disable the post-quantum key agreement X25519Kyber768
+ // supported in Go 1.23, for which the CurveID is not exported.
+ // Instead, we'll set CurvePreferences to nil, which will enable PQC.
+ // See https://github.com/caddyserver/caddy/issues/6540
+ cfg.CurvePreferences = nil
}
if cfg.MinVersion == 0 {
diff --git a/modules/caddytls/values.go b/modules/caddytls/values.go
index 4e8c1adc2..20fe45ff8 100644
--- a/modules/caddytls/values.go
+++ b/modules/caddytls/values.go
@@ -108,6 +108,11 @@ var supportedCertKeyTypes = map[string]certmagic.KeyType{
// implementation exists (e.g. P256). The latter ones can be
// found here:
// https://github.com/golang/go/tree/master/src/crypto/elliptic
+//
+// Temporily we ignore these default, to take advantage of X25519Kyber768
+// in Go's defaults (X25519Kyber768, X25519, P-256, P-384, P-521), which
+// isn't exported. See https://github.com/caddyserver/caddy/issues/6540
+// nolint:unused
var defaultCurves = []tls.CurveID{
tls.X25519,
tls.CurveP256,