Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
caddytls: add TLS 1.3 support #2399
1. What does this change do, exactly?
add TLS 1.3
2. Please link to the relevant issues.
3. Which documentation changes (if any) need to be made because of this PR?
If caddy should be able to be built by Go 1.11 after the releasing of 1.12, I think this PR can be accepted now.
Nice, thanks for jumping on this. (Realizing that, of course, this is a temporary solution, as once Go 1.12 is released, we can just update it in-place.)
While we're at it, can we remove the CBC ciphers from the defaultCiphers lists? I think we should take this opportunity to modernize Caddy's TLS config to be up to snuff with the latest: TLS 1.2 and 1.3.
I tested this on SSL Labs. The result is https://www.ssllabs.com/ssltest/analyze.html?d=tw.crvv.me&hideResults=on
With Let's Encrypt RSA certificates, the failed clients are
Is that OK?
I do not think this should be an issue.