tls: use Go default kex for the moment that include PQC #6542

Merged
merged 1 commit into from
Aug 27, 2024

Contributor

@bwesterb bwesterb commented Aug 26, 2024

By default Go 1.23 enables X25519Kyber768, a post-quantum key agreement method that is enabled by default on Chrome. Go 1.23 does not expose the CurveID, so we cannot add it by specifying it in CurvePreferences. The reason is that X25519Kyber768 is a preliminary key agreement that will be supplanted by X25519MLKEM768. For the moment there is value in enabling it.

A consequence of this is that by default Caddy will enable support for P-384 and P-521.

This PR also removes the special code to add support for X25519Kyber768 via the Cloudflare Go branch.

Cf #6540

@bwesterb bwesterb force-pushed the pq123 branch 2 times, most recently from 2616ed0 to e93d68b Compare August 26, 2024 22:21

@sam-bee sam-bee left a comment

Is this having the desired effect? I seem to be still getting X25519, but I'm not sure why.

QA environment details:

root@5a81f85b51be:/go/src/github.com/caddyserver/caddy/cmd/caddy# git remote -v
origin	https://github.com/bwesterb/caddy.git (fetch)
origin	https://github.com/bwesterb/caddy.git (push)
root@5a81f85b51be:/go/src/github.com/caddyserver/caddy/cmd/caddy# git rev-parse --abbrev-ref HEAD
pq123
root@5a81f85b51be:/go/src/github.com/caddyserver/caddy/cmd/caddy# git log -1 --oneline
e93d68b (HEAD -> pq123, origin/pq123) tls: use Go default kex for the moment that include PQC
root@5a81f85b51be:/go/src/github.com/caddyserver/caddy/cmd/caddy# caddy --version
e93d68b61276d8706698cdfb9b4b2583a9c97a41 (26 Aug 24 22:21 UTC)
root@5a81f85b51be:/go/src/github.com/caddyserver/caddy/cmd/caddy# go version
go version go1.23.0 linux/amd64

Google Chrome
Version 128.0.6613.84 (Official Build) (64-bit)

@bwesterb
Contributor Author

> Is this having the desired effect? I seem to be still getting X25519, but I'm not sure why.

Can confirm. Debugging now.

@bwesterb
Contributor Author

Ok, I figured it out. Go disables new features controlled by debug flags when the go.mod go version is too low.

@sam-bee sam-bee left a comment

I have retested the changes, and this looks good to me.

Screenshot from 2024-08-27 14-08-59

X25519Kyber768Draft00 ciphersuite, reported by Chrome

QA env:

root@97e644d656f4:/go/src/github.com/caddyserver/caddy/cmd/caddy# git log -1 --oneline
9051820 (HEAD -> pq123, origin/pq123) tls: use Go default kex for the moment that include PQC
root@97e644d656f4:/go/src/github.com/caddyserver/caddy/cmd/caddy# caddy --version
9051820d85db00232c5ffb4403899ad4f812229d (27 Aug 24 11:21 UTC)
root@97e644d656f4:/go/src/github.com/caddyserver/caddy/cmd/caddy# go version
go version go1.23.0 linux/amd64

I take it there's nothing special that needs to happen if the Caddy user specifies TLS 1.2?

@bwesterb
Contributor Author

X25519Kyber768 is only supported with TLS 1.3.

@bwesterb
Contributor Author

bwesterb commented Aug 27, 2024

> Ok, I figured it out. Go disables new features controlled by debug flags when the go.mod go version is too low.

There is a workaround pointed out by @FiloSottile by adding a go:debug line in main. I use that now — should be good to merge.
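
Added example, not part of the PR or Caddy's code: a loopback check of which key-agreement groups a Go `crypto/tls` client offers when `CurvePreferences` is left nil versus set explicitly, the distinction this PR relies on. The function names, the `classicalOnly` list and `example.test` are assumptions for illustration; both hybrid codepoints (IANA values) are checked so the result also covers X25519MLKEM768.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"slices"
)

// Hybrid post-quantum group codepoints from the IANA TLS Supported Groups registry.
const (
	x25519Kyber768Draft00 tls.CurveID = 0x6399
	x25519MLKEM768        tls.CurveID = 0x11EC
)

// classicalOnly is a constructed example of an explicit CurvePreferences list.
var classicalOnly = []tls.CurveID{tls.X25519, tls.CurveP256}

// offersHybridPQ reports whether a hybrid post-quantum group is in the list.
func offersHybridPQ(groups []tls.CurveID) bool {
	return slices.Contains(groups, x25519Kyber768Draft00) || slices.Contains(groups, x25519MLKEM768)
}

// offeredGroups returns the supported_groups a crypto/tls client sends in its
// ClientHello for the given CurvePreferences (nil means Go's defaults).
func offeredGroups(prefs []tls.CurveID) []tls.CurveID {
	cSide, sSide := net.Pipe()
	defer cSide.Close()
	got := make(chan []tls.CurveID, 1)
	go func() {
		defer sSide.Close()
		tls.Server(sSide, &tls.Config{
			GetConfigForClient: func(chi *tls.ClientHelloInfo) (*tls.Config, error) {
				got <- chi.SupportedCurves
				return nil, errors.New("hello captured") // abort; no certificate needed
			},
		}).Handshake()
	}()
	// The handshake is expected to fail: the server aborts after reading the hello.
	tls.Client(cSide, &tls.Config{ServerName: "example.test", CurvePreferences: prefs}).Handshake()
	return <-got
}

func main() {
	fmt.Println("default:", offersHybridPQ(offeredGroups(nil)), offeredGroups(nil))
	fmt.Println("pinned: ", offersHybridPQ(offeredGroups(classicalOnly)), offeredGroups(classicalOnly))
}
```

On Go 1.23 the `default` line reports a hybrid group only when the module's `go` line is 1.23 or the binary carries `//go:debug tlskyber=1`, which is the behaviour debugged in this thread.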

Member

@mholt mholt left a comment

Excellent, LGTM. Thanks for everyone's input!

(The lint failure is the result of a bug in the linter, hopefully they fix it soon.)

@mholt mholt merged commit dcbf38d into caddyserver:master Aug 27, 2024
30 of 33 checks passed
@mholt mholt added this to the v2.9.0 milestone Aug 27, 2024
@mholt mholt added the feature ⚙️ New feature or request label Aug 27, 2024
@bwesterb bwesterb deleted the pq123 branch August 27, 2024 23:32