mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-22 16:46:53 +01:00
dcbf38d0b3
By default Go 1.23 enables X25519Kyber768, a post-quantum key agreement method that is enabled by default on Chrome. Go 1.23 does not expose the CurveID, so we cannot add it by specifying it in CurvePreferences. The reason is that X25519Kyber768 is a preliminary key agreement that will be supplanted by X25519MLKEM768. For the moment there is value in enabling it. A consequence of this is that by default Caddy will enable support for P-384 and P-521. This PR also removes the special code to add support for X25519Kyber768 via the Cloudflare Go branch. Cf #6540
160 lines
4.9 KiB
Go
160 lines
4.9 KiB
Go
// Copyright 2015 Matthew Holt and The Caddy Authors
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package caddytls
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"fmt"
|
|
|
|
"github.com/caddyserver/certmagic"
|
|
"github.com/klauspost/cpuid/v2"
|
|
)
|
|
|
|
// CipherSuiteNameSupported returns true if name is
|
|
// a supported cipher suite.
|
|
func CipherSuiteNameSupported(name string) bool {
|
|
return CipherSuiteID(name) != 0
|
|
}
|
|
|
|
// CipherSuiteID returns the ID of the cipher suite associated with
|
|
// the given name, or 0 if the name is not recognized/supported.
|
|
func CipherSuiteID(name string) uint16 {
|
|
for _, cs := range SupportedCipherSuites() {
|
|
if cs.Name == name {
|
|
return cs.ID
|
|
}
|
|
}
|
|
return 0
|
|
}
|
|
|
|
// SupportedCipherSuites returns a list of all the cipher suites
|
|
// Caddy supports. The list is NOT ordered by security preference.
|
|
func SupportedCipherSuites() []*tls.CipherSuite {
|
|
return tls.CipherSuites()
|
|
}
|
|
|
|
// defaultCipherSuites is the ordered list of all the cipher
|
|
// suites we want to support by default, assuming AES-NI
|
|
// (hardware acceleration for AES).
|
|
var defaultCipherSuitesWithAESNI = []uint16{
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
|
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
|
}
|
|
|
|
// defaultCipherSuites is the ordered list of all the cipher
|
|
// suites we want to support by default, assuming lack of
|
|
// AES-NI (NO hardware acceleration for AES).
|
|
var defaultCipherSuitesWithoutAESNI = []uint16{
|
|
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
|
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
}
|
|
|
|
// getOptimalDefaultCipherSuites returns an appropriate cipher
|
|
// suite to use depending on the hardware support for AES.
|
|
//
|
|
// See https://github.com/caddyserver/caddy/issues/1674
|
|
func getOptimalDefaultCipherSuites() []uint16 {
|
|
if cpuid.CPU.Supports(cpuid.AESNI) {
|
|
return defaultCipherSuitesWithAESNI
|
|
}
|
|
return defaultCipherSuitesWithoutAESNI
|
|
}
|
|
|
|
// SupportedCurves is the unordered map of supported curves.
|
|
// https://golang.org/pkg/crypto/tls/#CurveID
|
|
var SupportedCurves = map[string]tls.CurveID{
|
|
"x25519": tls.X25519,
|
|
"secp256r1": tls.CurveP256,
|
|
"secp384r1": tls.CurveP384,
|
|
"secp521r1": tls.CurveP521,
|
|
}
|
|
|
|
// supportedCertKeyTypes is all the key types that are supported
|
|
// for certificates that are obtained through ACME.
|
|
var supportedCertKeyTypes = map[string]certmagic.KeyType{
|
|
"rsa2048": certmagic.RSA2048,
|
|
"rsa4096": certmagic.RSA4096,
|
|
"p256": certmagic.P256,
|
|
"p384": certmagic.P384,
|
|
"ed25519": certmagic.ED25519,
|
|
}
|
|
|
|
// defaultCurves is the list of only the curves we want to use
|
|
// by default, in descending order of preference.
|
|
//
|
|
// This list should only include curves which are fast by design
|
|
// (e.g. X25519) and those for which an optimized assembly
|
|
// implementation exists (e.g. P256). The latter ones can be
|
|
// found here:
|
|
// https://github.com/golang/go/tree/master/src/crypto/elliptic
|
|
//
|
|
// Temporily we ignore these default, to take advantage of X25519Kyber768
|
|
// in Go's defaults (X25519Kyber768, X25519, P-256, P-384, P-521), which
|
|
// isn't exported. See https://github.com/caddyserver/caddy/issues/6540
|
|
// nolint:unused
|
|
var defaultCurves = []tls.CurveID{
|
|
tls.X25519,
|
|
tls.CurveP256,
|
|
}
|
|
|
|
// SupportedProtocols is a map of supported protocols.
|
|
var SupportedProtocols = map[string]uint16{
|
|
"tls1.2": tls.VersionTLS12,
|
|
"tls1.3": tls.VersionTLS13,
|
|
}
|
|
|
|
// unsupportedProtocols is a map of unsupported protocols.
|
|
// Used for logging only, not enforcement.
|
|
var unsupportedProtocols = map[string]uint16{
|
|
//nolint:staticcheck
|
|
"ssl3.0": tls.VersionSSL30,
|
|
"tls1.0": tls.VersionTLS10,
|
|
"tls1.1": tls.VersionTLS11,
|
|
}
|
|
|
|
// publicKeyAlgorithms is the map of supported public key algorithms.
|
|
var publicKeyAlgorithms = map[string]x509.PublicKeyAlgorithm{
|
|
"rsa": x509.RSA,
|
|
"dsa": x509.DSA,
|
|
"ecdsa": x509.ECDSA,
|
|
}
|
|
|
|
// ProtocolName returns the standard name for the passed protocol version ID
|
|
// (e.g. "TLS1.3") or a fallback representation of the ID value if the version
|
|
// is not supported.
|
|
func ProtocolName(id uint16) string {
|
|
for k, v := range SupportedProtocols {
|
|
if v == id {
|
|
return k
|
|
}
|
|
}
|
|
|
|
for k, v := range unsupportedProtocols {
|
|
if v == id {
|
|
return k
|
|
}
|
|
}
|
|
|
|
return fmt.Sprintf("0x%04x", id)
|
|
}
|