TLS 1.3

[rugk]

I could not find an open issue, and I hope it is not already implemented, but TLS 1.3 support should be added!

TLS 1.3 is finalized AFAIK, browsers are soon going to implement the latest "draft" (not a draft now anymore, don't know the name).

[mholt]

Waiting for Go to implement it into their standard library.

Fortunately, @FiloSottile -- who already implemented an earlier draft of TLS 1.3 in Go -- now works on the Go team doing cryptography. Sooooo I'm pretty confident it could happen by Go 1.11 or definitely Go 1.12. (Right? 😉)

[faradaytrs]

They seem to be aiming for go 1.12

[mholt]

Yep. We're looking at ~Feb. 2019 I think.

[rugk]

Uuh, so late??

[mholt]

Stability over speed, when it comes to things like this...

[FiloSottile]

To get it in 1.11 we would have to mail it all by the end of the month, which was deemed way too tight. https://github.com/golang/go/wiki/Go-Release-Cycle

[high3eam]

I've compiled Caddy together with the tls-tris lib from cloudflare and released a how to here:

https://www.hnrk.io/md/2._caddy+TLS1.3.md.

Patch of caddy (pretty-printed) is here.

TLS1.3 version is RFC8446.

PoC is https://www.hnrk.io/ (SSLLabs)

[vladbondarenko]

I've compiled Caddy together with the tls-tris lib from cloudflare and released a how to here:

https://www.henrock.net/md/2._caddy+TLS1.3.md.

Patch of caddy (pretty-printed) is here.

TLS1.3 version is RFC8446.

PoC is https://www.henrock.net/

Hi, Matt, sorry for chatting in caddy repo, but @henrocker seems there is no https://golang.org/src/crypto/internal/ now.
GOARCH=amd64 GOROOT="/root/tls-tris/_dev/GOROOT/linux_amd64" go install -v std
_dev/GOROOT/linux_amd64/src/crypto/tls/common.go:10:2: cannot find package "crypto/internal/cipherhw" in any of:
/root/tls-tris/_dev/GOROOT/linux_amd64/src/vendor/crypto/internal/cipherhw (vendor tree)
/root/tls-tris/_dev/GOROOT/linux_amd64/src/crypto/internal/cipherhw (from $GOROOT)
/root/go/src/crypto/internal/cipherhw (from $GOPATH)

[high3eam]

@vladbondarenko This is why here, I stated, that golang 1.10.4 is needed for this.

[high3eam]

Updated the tutorial in regards to the golang upgrade 1.11.1 in tls-tris, as well as edited my comment above.

[vladbondarenko]

Thanks. That works on Centos7 also.
but @henrocker please fix domain and urls in #2080 (comment)
from henrock.net to hnrk.io, I'm tired of being a telepath ))

[high3eam]

@vladbondarenko Done!

[htfy96]

The official patch for TLS1.3 support has been merged: golang/go#9671.

[unixfox]

If you don't want to wait for a new version of Caddy with TLS1.3 support, you just have to install golang from the source code (git) and then build caddy with the patch of @henrocker:

go get github.com/mholt/caddy
go get github.com/caddyserver/builds
cd $GOPATH/src/github.com/mholt/caddy
wget https://www.hnrk.io/md/caddy.patch
patch -p1 < caddy.patch
cd $GOPATH/src/github.com/mholt/caddy/caddy
go run build.go

[faradaytrs]

@unixfox yeah i did it, workes fine

[mholt]

Done in #2399. Go 1.12 now required to build Caddy.