
Implement TLS 1.3 ciphers #2485

Closed
wants to merge 2 commits into from
Closed

Conversation


@ghost ghost commented Feb 26, 2019

This PR fixes the current issue of missing ciphers when Caddy is configured with TLS 1.3 enabled after compiling it against the latest commit:

● caddy.service - Caddy HTTP/2 web server
   Loaded: loaded (/etc/systemd/system/caddy.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2019-02-26 07:22:32 CET; 16min ago
     Docs: https://caddyserver.com/docs
  Process: 11181 ExecStart=/usr/local/bin/caddy -agree -email letsencrypt@jadja.eu -http2 -log /opt/caddy/log -root /opt/caddy/webroot -conf /opt/caddy/Caddyfile (code=exited, status=1/FAILURE)
 Main PID: 11181 (code=exited, status=1/FAILURE)
      CPU: 23ms

Feb 26 07:22:32 debian systemd[1]: Started Caddy HTTP/2 web server.
Feb 26 07:22:32 debian caddy[11181]: 2019/02/26 07:22:32 /opt/caddy/snippets/ecc-tls-wildcard:6 - Error during parsing: Wrong cipher name or cipher not supported: 'TLS13-AES-128-GCM-SHA256'
Feb 26 07:22:32 debian systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Feb 26 07:22:32 debian systemd[1]: caddy.service: Unit entered failed state.
Feb 26 07:22:32 debian systemd[1]: caddy.service: Failed with result 'exit-code'.


@high3eam

Is there a reason you haven't put the CHACHA20 cipher in first position under "nonAESNI"?

AFAIK, non AESNI devices benefit from this one specifically.


elcore commented Feb 26, 2019

// CipherSuites is a list of supported cipher suites for TLS versions up to
// TLS 1.2. If CipherSuites is nil, a default list of secure cipher suites
// is used, with a preference order based on hardware performance. The
// default cipher suites might change over Go versions. Note that TLS 1.3
// ciphersuites are not configurable.

golang/go#29349

@elcore elcore closed this Feb 26, 2019

elcore commented Feb 26, 2019

@whalehub You cannot configure TLS 1.3 ciphers! Please read the Go documentation I have provided you from crypto/tls


crvv commented Feb 26, 2019

The problem is that you write TLS13-AES-128-GCM-SHA256 in your Caddyfile.
But caddy doesn't recognize that value.

With this PR, caddy will recognize the cipher name and it will run with your Caddyfile.
But the cipher configuration doesn't work.

So please don't add TLS 1.3 ciphers to the ciphers option in your Caddyfile.


elcore commented Feb 26, 2019

Let's break down your error message Error during parsing: Wrong cipher name or cipher not supported: 'TLS13-AES-128-GCM-SHA256'

Error during parsing:

  • We have an error during parsing

Wrong cipher name or cipher not supported

  • You cannot add TLS13-AES-128-GCM-SHA256 as it is not part of SupportedCiphersMap

You cannot configure TLS 1.3 ciphers with Go 1.12. Thus it does not make sense to add TLS 1.3 ciphers to your Caddyfile, as they are not configurable.

This does not work:

tls.Config{
	CipherSuites: []uint16{tls.TLS_AES_256_GCM_SHA384},
	MinVersion:   tls.VersionTLS13,
}
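The point made in the two comments above can be checked directly against crypto/tls. The following is an added example, not code from Caddy or from this PR: it performs two loopback handshakes against a server whose CipherSuites lists only a TLS 1.2 suite. When TLS 1.2 is negotiated the configured suite is used; when TLS 1.3 is negotiated the list is ignored and Go picks one of its three built-in TLS 1.3 suites by its own hardware-based preference order. It assumes Go 1.14 or later (TLS 1.3 enabled by default, tls.CipherSuiteName available); on Go 1.12 the same run would need GODEBUG=tls13=1. The self-signed certificate is generated in-process purely so the example runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// IsTLS13Suite reports whether id is one of the three TLS 1.3 cipher suites
// that crypto/tls implements (the only ones it will ever negotiate for 1.3).
func IsTLS13Suite(id uint16) bool {
	switch id {
	case tls.TLS_AES_128_GCM_SHA256, tls.TLS_AES_256_GCM_SHA384, tls.TLS_CHACHA20_POLY1305_SHA256:
		return true
	}
	return false
}

// selfSignedCert generates a throwaway P-256 certificate for the loopback
// handshake. It exists only so this example runs offline.
func selfSignedCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// NegotiatedSuite starts a TLS server on 127.0.0.1 with the given CipherSuites
// and version bounds, connects one client, and returns the protocol version and
// cipher suite the server recorded for that connection.
func NegotiatedSuite(suites []uint16, minVer, maxVer uint16) (version, suite uint16, err error) {
	cert, err := selfSignedCert()
	if err != nil {
		return 0, 0, err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{cert},
		CipherSuites: suites, // consulted for TLS 1.2 and below only
		MinVersion:   minVer,
		MaxVersion:   maxVer,
	})
	if err != nil {
		return 0, 0, err
	}
	defer ln.Close()

	type outcome struct {
		state tls.ConnectionState
		err   error
	}
	done := make(chan outcome, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			done <- outcome{err: err}
			return
		}
		defer conn.Close()
		tconn := conn.(*tls.Conn)
		if err := tconn.Handshake(); err != nil {
			done <- outcome{err: err}
			return
		}
		done <- outcome{state: tconn.ConnectionState()}
	}()

	// InsecureSkipVerify is acceptable only because the peer is this process's
	// own self-signed certificate; a real client must verify the chain.
	client, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		InsecureSkipVerify: true,
		MinVersion:         tls.VersionTLS12,
	})
	if err != nil {
		return 0, 0, err
	}
	defer client.Close()

	res := <-done
	if res.err != nil {
		return 0, 0, res.err
	}
	return res.state.Version, res.state.CipherSuite, nil
}

func main() {
	// A TLS 1.2 suite in CipherSuites: honoured when 1.2 is negotiated,
	// ignored when 1.3 is negotiated.
	configured := []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384}
	for _, maxVer := range []uint16{tls.VersionTLS12, tls.VersionTLS13} {
		ver, suite, err := NegotiatedSuite(configured, tls.VersionTLS12, maxVer)
		if err != nil {
			fmt.Println("handshake failed:", err)
			continue
		}
		fmt.Printf("max=%#x negotiated version=%#x suite=%s honoured=%v\n",
			maxVer, ver, tls.CipherSuiteName(suite), suite == configured[0])
	}
}
```

Which of the three TLS 1.3 suites the second run lands on depends on the machine: Go puts AES-GCM first when it detects AES hardware support on both sides and ChaCha20-Poly1305 first otherwise, which is the behaviour high3eam was asking about for non-AES-NI hosts, and it is decided by crypto/tls, not by the CipherSuites field.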
