tls: use Go default kex for the moment that include PQC #6542
Conversation
bwesterb
force-pushed
the
pq123
branch
2 times, most recently
from
2616ed0 to
e93d68b
Compare
There was a problem hiding this comment.
Is this having the desired effect? I seem to be still getting X25519, but I'm not sure why.
QA environment details:
root@5a81f85b51be:/go/src/github.com/caddyserver/caddy/cmd/caddy# git remote -v
origin https://github.com/bwesterb/caddy.git (fetch)
origin https://github.com/bwesterb/caddy.git (push)
root@5a81f85b51be:/go/src/github.com/caddyserver/caddy/cmd/caddy# git rev-parse --abbrev-ref HEAD
pq123
root@5a81f85b51be:/go/src/github.com/caddyserver/caddy/cmd/caddy# git log -1 --oneline
e93d68b (HEAD -> pq123, origin/pq123) tls: use Go default kex for the moment that include PQC
root@5a81f85b51be:/go/src/github.com/caddyserver/caddy/cmd/caddy# caddy --version
e93d68b61276d8706698cdfb9b4b2583a9c97a41 (26 Aug 24 22:21 UTC)
root@5a81f85b51be:/go/src/github.com/caddyserver/caddy/cmd/caddy# go version
go version go1.23.0 linux/amd64
Google Chrome
Version 128.0.6613.84 (Official Build) (64-bit)
Can confirm. Debugging now. |
|
Ok, I figured it out. Go disables new features controlled by debug flags when the |
There was a problem hiding this comment.
I have retested the changes, and this looks good to me.
X25519Kyber768Draft00 ciphersuite, reported by Chrome
QA env:
root@97e644d656f4:/go/src/github.com/caddyserver/caddy/cmd/caddy# git log -1 --oneline
9051820 (HEAD -> pq123, origin/pq123) tls: use Go default kex for the moment that include PQC
root@97e644d656f4:/go/src/github.com/caddyserver/caddy/cmd/caddy# caddy --version
9051820d85db00232c5ffb4403899ad4f812229d (27 Aug 24 11:21 UTC)
root@97e644d656f4:/go/src/github.com/caddyserver/caddy/cmd/caddy# go version
go version go1.23.0 linux/amd64
I take it there's nothing special that needs to happen if the Caddy user specifies TLS 1.2?
|
X25519Kyber768 is only supported with TLS 1.3. |
There is a workaround pointed out by @FiloSottile by adding a go:debug line in main. I use that now — should be good to merge. |
By default Go 1.23 enables X25519Kyber768, a post-quantum key agreement method that is enabled by default on Chrome. Go 1.23 does not expose the CurveID, so we cannot add it by specifying it in CurvePreferences. The reason is that X25519Kyber768 is a preliminary key agreement that will be supplanted by X25519MLKEM768. For the moment there is value in enabling it. A consequence of this is that by default Caddy will enable support for P-384 and P-521. This PR also removes the special code to add support for X25519Kyber768 via the Cloudflare Go branch. Cf caddyserver#6540
By default Go 1.23 enables X25519Kyber768, a post-quantum key agreement method that is enabled by default on Chrome. Go 1.23 does not expose the CurveID, so we cannot add it by specifying it in CurvePreferences. The reason is that X25519Kyber768 is a preliminary key agreement that will be supplanted by X25519MLKEM768. For the moment there is value in enabling it.
A consequence of this is that by default Caddy will enable support for P-384 and P-521.
This PR also removes the special code to add support for X25519Kyber768 via the Cloudflare Go branch.
Cf #6540