diff --git a/cmd/caddy/main.go b/cmd/caddy/main.go index 48fa149a..f1aeda0a 100644 --- a/cmd/caddy/main.go +++ b/cmd/caddy/main.go @@ -1,3 +1,8 @@ +// The below line is required to enable post-quantum key agreement in Go 1.23 +// by default without insisting on setting a minimum version of 1.23 in go.mod. +// See https://github.com/caddyserver/caddy/issues/6540#issuecomment-2313094905 +//go:debug tlskyber=1 + // Copyright 2015 Matthew Holt and The Caddy Authors // // Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/modules/caddytls/cf.go b/modules/caddytls/cf.go deleted file mode 100644 index e61a59c0..00000000 --- a/modules/caddytls/cf.go +++ /dev/null @@ -1,24 +0,0 @@ -//go:build cfgo - -package caddytls - -// This file adds support for X25519Kyber768Draft00, a post-quantum -// key agreement that is currently being rolled out by Chrome [1] -// and Cloudflare [2,3]. For more context, see the PR [4]. -// -// [1] https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html -// [2] https://blog.cloudflare.com/post-quantum-for-all/ -// [3] https://blog.cloudflare.com/post-quantum-to-origins/ -// [4] https://github.com/caddyserver/caddy/pull/5852 - -import ( - "crypto/tls" -) - -func init() { - SupportedCurves["X25519Kyber768Draft00"] = tls.X25519Kyber768Draft00 - defaultCurves = append( - []tls.CurveID{tls.X25519Kyber768Draft00}, - defaultCurves..., - ) -} diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index 4ec0e673..e2890c84 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -841,7 +841,15 @@ func setDefaultTLSParams(cfg *tls.Config) { cfg.CipherSuites = append([]uint16{tls.TLS_FALLBACK_SCSV}, cfg.CipherSuites...) if len(cfg.CurvePreferences) == 0 { - cfg.CurvePreferences = defaultCurves + // We would want to write + // + // cfg.CurvePreferences = defaultCurves + // + // but that would disable the post-quantum key agreement X25519Kyber768 + // supported in Go 1.23, for which the CurveID is not exported. + // Instead, we'll set CurvePreferences to nil, which will enable PQC. + // See https://github.com/caddyserver/caddy/issues/6540 + cfg.CurvePreferences = nil } if cfg.MinVersion == 0 { diff --git a/modules/caddytls/values.go b/modules/caddytls/values.go index 4e8c1adc..20fe45ff 100644 --- a/modules/caddytls/values.go +++ b/modules/caddytls/values.go @@ -108,6 +108,11 @@ var supportedCertKeyTypes = map[string]certmagic.KeyType{ // implementation exists (e.g. P256). The latter ones can be // found here: // https://github.com/golang/go/tree/master/src/crypto/elliptic +// +// Temporily we ignore these default, to take advantage of X25519Kyber768 +// in Go's defaults (X25519Kyber768, X25519, P-256, P-384, P-521), which +// isn't exported. See https://github.com/caddyserver/caddy/issues/6540 +// nolint:unused var defaultCurves = []tls.CurveID{ tls.X25519, tls.CurveP256,