1
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-16 21:56:40 -05:00

tls: use Go default kex for the moment that include PQC (#6542)

By default Go 1.23 enables X25519Kyber768, a post-quantum key agreement
method that is enabled by default on Chrome. Go 1.23 does not expose
the CurveID, so we cannot add it by specifying it in CurvePreferences.
The reason is that X25519Kyber768 is a preliminary key agreement that
will be supplanted by X25519MLKEM768. For the moment there is value
in enabling it.

A consequence of this is that by default Caddy will enable support
for P-384 and P-521.

This PR also removes the special code to add support for X25519Kyber768
via the Cloudflare Go branch.

Cf #6540
This commit is contained in:
Bas Westerbaan 2024-08-28 01:08:16 +02:00 committed by GitHub
parent 2028da4e74
commit dcbf38d0b3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 19 additions and 25 deletions

View file

@ -1,3 +1,8 @@
// The below line is required to enable post-quantum key agreement in Go 1.23
// by default without insisting on setting a minimum version of 1.23 in go.mod.
// See https://github.com/caddyserver/caddy/issues/6540#issuecomment-2313094905
//go:debug tlskyber=1
// Copyright 2015 Matthew Holt and The Caddy Authors // Copyright 2015 Matthew Holt and The Caddy Authors
// //
// Licensed under the Apache License, Version 2.0 (the "License"); // Licensed under the Apache License, Version 2.0 (the "License");

View file

@ -1,24 +0,0 @@
//go:build cfgo
package caddytls
// This file adds support for X25519Kyber768Draft00, a post-quantum
// key agreement that is currently being rolled out by Chrome [1]
// and Cloudflare [2,3]. For more context, see the PR [4].
//
// [1] https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html
// [2] https://blog.cloudflare.com/post-quantum-for-all/
// [3] https://blog.cloudflare.com/post-quantum-to-origins/
// [4] https://github.com/caddyserver/caddy/pull/5852
import (
"crypto/tls"
)
func init() {
SupportedCurves["X25519Kyber768Draft00"] = tls.X25519Kyber768Draft00
defaultCurves = append(
[]tls.CurveID{tls.X25519Kyber768Draft00},
defaultCurves...,
)
}

View file

@ -841,7 +841,15 @@ func setDefaultTLSParams(cfg *tls.Config) {
cfg.CipherSuites = append([]uint16{tls.TLS_FALLBACK_SCSV}, cfg.CipherSuites...) cfg.CipherSuites = append([]uint16{tls.TLS_FALLBACK_SCSV}, cfg.CipherSuites...)
if len(cfg.CurvePreferences) == 0 { if len(cfg.CurvePreferences) == 0 {
cfg.CurvePreferences = defaultCurves // We would want to write
//
// cfg.CurvePreferences = defaultCurves
//
// but that would disable the post-quantum key agreement X25519Kyber768
// supported in Go 1.23, for which the CurveID is not exported.
// Instead, we'll set CurvePreferences to nil, which will enable PQC.
// See https://github.com/caddyserver/caddy/issues/6540
cfg.CurvePreferences = nil
} }
if cfg.MinVersion == 0 { if cfg.MinVersion == 0 {

View file

@ -108,6 +108,11 @@ var supportedCertKeyTypes = map[string]certmagic.KeyType{
// implementation exists (e.g. P256). The latter ones can be // implementation exists (e.g. P256). The latter ones can be
// found here: // found here:
// https://github.com/golang/go/tree/master/src/crypto/elliptic // https://github.com/golang/go/tree/master/src/crypto/elliptic
//
// Temporily we ignore these default, to take advantage of X25519Kyber768
// in Go's defaults (X25519Kyber768, X25519, P-256, P-384, P-521), which
// isn't exported. See https://github.com/caddyserver/caddy/issues/6540
// nolint:unused
var defaultCurves = []tls.CurveID{ var defaultCurves = []tls.CurveID{
tls.X25519, tls.X25519,
tls.CurveP256, tls.CurveP256,