TLS 1.3 #2080

Open
rugk opened this Issue Mar 23, 2018 · 15 comments

rugk commented Mar 23, 2018

I could not find an open issue, and I hope it is not already implemented, but TLS 1.3 support should be added!

TLS 1.3 is finalized AFAIK, browsers are soon going to implement the latest "draft" (not a draft now anymore, don't know the name).

mholt added the upstream label Mar 23, 2018

Owner

mholt commented Mar 23, 2018

Waiting for Go to implement it into their standard library.

Fortunately, @FiloSottile -- who already implemented an earlier draft of TLS 1.3 in Go -- now works on the Go team doing cryptography. Sooooo I'm pretty confident it could happen by Go 1.11 or definitely Go 1.12. (Right? 😉)

faradaytrs commented Apr 25, 2018

They seem to be aiming for Go 1.12

Owner

mholt commented Apr 25, 2018

Yep. We're looking at ~Feb. 2019 I think.

rugk commented Apr 25, 2018

Uuh, so late??

Owner

mholt commented Apr 25, 2018

Stability over speed, when it comes to things like this...

Collaborator

FiloSottile commented Apr 25, 2018

To get it in 1.11 we would have to mail it all by the end of the month, which was deemed way too tight. https://github.com/golang/go/wiki/Go-Release-Cycle

Henrocker commented Sep 21, 2018

I've compiled Caddy together with the tls-tris lib from cloudflare and released a how to here:

https://www.hnrk.io/md/2._caddy+TLS1.3.md.

Patch of caddy (pretty-printed) is here.

TLS1.3 version is RFC8446.

PoC is https://www.hnrk.io/ (SSLLabs)

vladbondarenko commented Oct 8, 2018

> I've compiled Caddy together with the tls-tris lib from cloudflare and released a how to here:
>
> https://www.henrock.net/md/2._caddy+TLS1.3.md.
>
> Patch of caddy (pretty-printed) is here.
>
> TLS1.3 version is RFC8446.
>
> PoC is https://www.henrock.net/

Hi, Matt, sorry for chatting in caddy repo, but @Henrocker seems there is no https://golang.org/src/crypto/internal/ now.

```
GOARCH=amd64 GOROOT="/root/tls-tris/_dev/GOROOT/linux_amd64" go install -v std
_dev/GOROOT/linux_amd64/src/crypto/tls/common.go:10:2: cannot find package "crypto/internal/cipherhw" in any of:
/root/tls-tris/_dev/GOROOT/linux_amd64/src/vendor/crypto/internal/cipherhw (vendor tree)
/root/tls-tris/_dev/GOROOT/linux_amd64/src/crypto/internal/cipherhw (from $GOROOT)
/root/go/src/crypto/internal/cipherhw (from $GOPATH)
```

Henrocker commented Oct 8, 2018

@vladbondarenko This is why I stated here that golang 1.10.4 is needed for this.

Henrocker commented Oct 18, 2018

Updated the tutorial in regards to the golang upgrade 1.11.1 in tls-tris, as well as edited my comment above.

vladbondarenko commented Oct 29, 2018

Thanks. That works on CentOS 7 also, but @Henrocker please fix the domain and URLs in #2080 (comment) from henrock.net to hnrk.io, I'm tired of being a telepath ))

Henrocker commented Oct 29, 2018

htfy96 commented Nov 15, 2018

The official patch for TLS1.3 support has been merged: golang/go#9671.

unixfox commented Nov 16, 2018

If you don't want to wait for a new version of Caddy with TLS1.3 support, you just have to install golang from the source code (git) and then build caddy with the patch of @Henrocker:

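```sh
# Fetch the Caddy source and its build helper
go get github.com/mholt/caddy
go get github.com/caddyserver/builds
# Download and apply the TLS 1.3 patch
cd "$GOPATH/src/github.com/mholt/caddy"
wget https://www.hnrk.io/md/caddy.patch
patch -p1 < caddy.patch
# Build the patched binary
cd "$GOPATH/src/github.com/mholt/caddy/caddy"
go run build.go
```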

faradaytrs commented Nov 23, 2018

@unixfox yeah I did it, works fine