From 2616ed069470cad4212406a77ca8dd481692e495 Mon Sep 17 00:00:00 2001
From: Bas Westerbaan
Date: Tue, 27 Aug 2024 00:10:13 +0200
Subject: [PATCH] tls: use Go default kex for the moment that include PQC By default Go 1.23 enables X25519Kyber768, a post-quantum key agreement method that is enabled by default on Chrome. Go 1.23 does not expose the CurveID, so we cannot add it by specifying it in CurvePreferences. The reason is that X25519Kyber768 is a preliminary key agreement that will be supplanted by X25519MLKEM768. For the moment there is value in enabling it. A consequence of this is that by default Caddy will enable support for P-384 and P-521. This PR also removes the special code to add support for X25519Kyber768 via the Cloudflare Go branch. Cf #6540
---
 modules/caddytls/cf.go | 24 ------------------------
 modules/caddytls/connpolicy.go | 10 +++++++++-
 2 files changed, 9 insertions(+), 25 deletions(-)
 delete mode 100644 modules/caddytls/cf.go
diff --git a/modules/caddytls/cf.go b/modules/caddytls/cf.go
deleted file mode 100644
index e61a59c09e1a..000000000000
--- a/modules/caddytls/cf.go
+++ /dev/null
@@ -1,24 +0,0 @@
-//go:build cfgo
-
-package caddytls
-
-// This file adds support for X25519Kyber768Draft00, a post-quantum
-// key agreement that is currently being rolled out by Chrome [1]
-// and Cloudflare [2,3]. For more context, see the PR [4].
-//
-// [1] https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html
-// [2] https://blog.cloudflare.com/post-quantum-for-all/
-// [3] https://blog.cloudflare.com/post-quantum-to-origins/
-// [4] https://github.com/caddyserver/caddy/pull/5852
-
-import (
- "crypto/tls"
-)
-
-func init() {
- SupportedCurves["X25519Kyber768Draft00"] = tls.X25519Kyber768Draft00
- defaultCurves = append(
- []tls.CurveID{tls.X25519Kyber768Draft00},
- defaultCurves...,
- )
-}
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 4ec0e673a774..b54f27294b72 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -841,7 +841,15 @@ func setDefaultTLSParams(cfg *tls.Config) {
 cfg.CipherSuites = append([]uint16{tls.TLS_FALLBACK_SCSV}, cfg.CipherSuites...)
 if len(cfg.CurvePreferences) == 0 {
- cfg.CurvePreferences = defaultCurves
+ // We would want to write
+ //
+ // cfg.CurvePreferences = defaultCurves
+ //
+ // but that would disable the post-quantum key agreement X25519Kyber768
+ // supported in Go 1.23, for which the CurveID is not exported.
+ // Instead, we'll set CurvePreferences to nil, which will enable PQC.
+ // See https://github.com/caddyserver/caddy/issues/6540.
+ cfg.CurvePreferences = nil
 }
 if cfg.MinVersion == 0 {
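Review bot: The new comment above `cfg.CurvePreferences = nil` explains why the list is cleared, but it does not record what the default becomes. With nil, the key-exchange set is whatever crypto/tls ships for the Go version used to build, which per the commit description also turns on P-384 and P-521. The same comment implies that any non-empty CurvePreferences drops X25519Kyber768, so an operator who pins curves loses the hybrid exchange without any signal. I would add something like `// NOTE: nil delegates the curve list to crypto/tls; the defaults (incl. P-384/P-521) follow the Go toolchain, and any explicit curve list disables X25519Kyber768.` If `defaultCurves` has no other users outside this hunk, it is worth removing or documenting as no longer the effective default. setDefaultTLSParams begins and continues outside the hunk.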