caddytls: Support post-quantum key exchange mechanism X25519MLKEM768
Also bump minimum Go version to 1.24.
mholt committed Feb 12, 2025
1 parent 22563a7 commit 172136a
Showing 3 changed files with 21 additions and 27 deletions.
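--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,6 @@
 module github.com/caddyserver/caddy/v2
 
-go 1.22.3
-
-toolchain go1.23.0
+go 1.24
 
 require (
 github.com/BurntSushi/toml v1.4.0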
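--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -884,19 +884,17 @@ func setDefaultTLSParams(cfg *tls.Config) {
 cfg.CipherSuites = append([]uint16{tls.TLS_FALLBACK_SCSV}, cfg.CipherSuites...)
 
 if len(cfg.CurvePreferences) == 0 {
-// We would want to write
-//
-// cfg.CurvePreferences = defaultCurves
-//
-// but that would disable the post-quantum key agreement X25519Kyber768
-// supported in Go 1.23, for which the CurveID is not exported.
-// Instead, we'll set CurvePreferences to nil, which will enable PQC.
-// See https://github.com/caddyserver/caddy/issues/6540
-cfg.CurvePreferences = nil
+cfg.CurvePreferences = defaultCurves
 }
 
 if cfg.MinVersion == 0 {
-cfg.MinVersion = tls.VersionTLS12
+// crypto/tls docs:
+// "If EncryptedClientHelloKeys is set, MinVersion, if set, must be VersionTLS13."
+if cfg.EncryptedClientHelloKeys == nil {
+cfg.MinVersion = tls.VersionTLS12
+} else {
+cfg.MinVersion = tls.VersionTLS13
+}
 }
 if cfg.MaxVersion == 0 {
 cfg.MaxVersion = tls.VersionTLS13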
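Review bot: An explicitly configured `MinVersion` below TLS 1.3 is left untouched when `EncryptedClientHelloKeys` is set, because the new ECH branch sits inside `if cfg.MinVersion == 0`; the crypto/tls rule quoted in the added comment is therefore not enforced here for that case. Unless that combination is rejected elsewhere during provisioning (not visible in this hunk), consider handling it after the block, e.g. `if cfg.EncryptedClientHelloKeys != nil && cfg.MinVersion < tls.VersionTLS13 { cfg.MinVersion = tls.VersionTLS13 }`, or surfacing a configuration error from the caller instead of silently raising the floor. An explicit `MaxVersion` below TLS 1.3 combined with ECH keys deserves the same treatment. setDefaultTLSParams begins before and continues past the hunk.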
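--- a/modules/caddytls/values.go
+++ b/modules/caddytls/values.go
@@ -81,13 +81,15 @@ func getOptimalDefaultCipherSuites() []uint16 {
 return defaultCipherSuitesWithoutAESNI
 }
 
-// SupportedCurves is the unordered map of supported curves.
+// SupportedCurves is the unordered map of supported curves
+// or key exchange mechanisms ("curves" traditionally).
 // https://golang.org/pkg/crypto/tls/#CurveID
 var SupportedCurves = map[string]tls.CurveID{
-"x25519": tls.X25519,
-"secp256r1": tls.CurveP256,
-"secp384r1": tls.CurveP384,
-"secp521r1": tls.CurveP521,
+"X25519mlkem768": tls.X25519MLKEM768,
+"x25519": tls.X25519,
+"secp256r1": tls.CurveP256,
+"secp384r1": tls.CurveP384,
+"secp521r1": tls.CurveP521,
 }
 
 // supportedCertKeyTypes is all the key types that are supported
@@ -100,20 +102,16 @@ var supportedCertKeyTypes = map[string]certmagic.KeyType{
 "ed25519": certmagic.ED25519,
 }
 
-// defaultCurves is the list of only the curves we want to use
-// by default, in descending order of preference.
+// defaultCurves is the list of only the curves or key exchange
+// mechanisms we want to use by default. The order is irrelevant.
 //
-// This list should only include curves which are fast by design
-// (e.g. X25519) and those for which an optimized assembly
+// This list should only include mechanisms which are fast by
+// design (e.g. X25519) and those for which an optimized assembly
 // implementation exists (e.g. P256). The latter ones can be
 // found here:
 // https://github.com/golang/go/tree/master/src/crypto/elliptic
-//
-// Temporily we ignore these default, to take advantage of X25519Kyber768
-// in Go's defaults (X25519Kyber768, X25519, P-256, P-384, P-521), which
-// isn't exported. See https://github.com/caddyserver/caddy/issues/6540
-// nolint:unused
 var defaultCurves = []tls.CurveID{
+tls.X25519MLKEM768,
 tls.X25519,
 tls.CurveP256,
 }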
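Review bot: The doc comment on `defaultCurves` should say that this list now replaces the crypto/tls defaults, since the `nolint:unused` marker is gone and the list is actually applied. Per the removed comment, Go's defaults also covered P-384 and P-521, which this three-entry list omits, and any mechanism added in a later Go release will not be offered until it is added here. A line such as `// Setting this list opts out of crypto/tls defaults: P-384/P-521 and mechanisms added by future Go releases are not offered unless configured explicitly.` would cover it; the "optimized assembly" sentence and its crypto/elliptic link also no longer describe the hybrid X25519MLKEM768 entry. Separately, in the first hunk the new map key `"X25519mlkem768"` is mixed-case while every other key is lowercase; if lookups are case-sensitive (not visible here), a lowercase spelling in a config would be rejected.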
