tls: use Go default kex for the moment that include PQC

By default Go 1.23 enables X25519Kyber768, a post-quantum key agreement method that is enabled by default on Chrome. Go 1.23 does not expose the CurveID, so we cannot add it by specifying it in CurvePreferences. The reason is that X25519Kyber768 is a preliminary key agreement that will be supplanted by X25519MLKEM768. For the moment there is value in enabling it. A consequence of this is that by default Caddy will enable support for P-384 and P-521. This PR also removes the special code to add support for X25519Kyber768 via the Cloudflare Go branch. Cf #6540
caddyserver · Aug 26, 2024 · 2616ed0 · 2616ed0
1 parent 2028da4
commit 2616ed0
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 25 deletions.
diff --git a/modules/caddytls/cf.go b/modules/caddytls/cf.go
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
@@ -841,7 +841,15 @@ func setDefaultTLSParams(cfg *tls.Config) {
 	cfg.CipherSuites = append([]uint16{tls.TLS_FALLBACK_SCSV}, cfg.CipherSuites...)
 
 	if len(cfg.CurvePreferences) == 0 {
-		cfg.CurvePreferences = defaultCurves
+		// We would want to write
+		//
+		//	cfg.CurvePreferences = defaultCurves
+		//
+		// but that would disable the post-quantum key agreement X25519Kyber768
+		// supported in Go 1.23, for which the CurveID is not exported.
+		// Instead, we'll set CurvePreferences to nil, which will enable PQC.
+		// See https://github.com/caddyserver/caddy/issues/6540.
+		cfg.CurvePreferences = nil
 	}
 
 	if cfg.MinVersion == 0 {