tls: Enable TLS 1.3 by default; set sane defaults on tls.Config structs

author: Matthew Holt <mholt@users.noreply.github.com> 2019-07-01 11:47:46 -0600
committer: Matthew Holt <mholt@users.noreply.github.com> 2019-07-01 11:47:46 -0600
commit: 533d1afb4b4e61dc34282f5be88014f0952c9a00 (patch)
tree: 53b222366a0182270117f457be397a7b5d76a82f /modules/caddytls/tls.go
parent: 9f8d3611eb9e29d673542877c3cc06a7456a5eea (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 619aaee..b38657b 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -18,7 +18,9 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
+	"log"
 	"net/http"
+	"os"
 	"time"
 
 	"github.com/caddyserver/caddy"
@@ -32,6 +34,12 @@ func init() {
 		Name: "tls",
 		New:  func() interface{} { return new(TLS) },
 	})
+
+	// opt-in TLS 1.3 for Go1.12
+	// TODO: remove this line when Go1.13 is released.
+	if err := os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1"); err != nil {
+		log.Println("[ERROR] failed to set environment variable: ", err)
+	}
 }
 
 // TLS represents a process-wide TLS configuration.
author	Matthew Holt <mholt@users.noreply.github.com>	2019-07-01 11:47:46 -0600
committer	Matthew Holt <mholt@users.noreply.github.com>	2019-07-01 11:47:46 -0600
commit	533d1afb4b4e61dc34282f5be88014f0952c9a00 (patch)
tree	53b222366a0182270117f457be397a7b5d76a82f /modules/caddytls/tls.go
parent	9f8d3611eb9e29d673542877c3cc06a7456a5eea (diff)