From 533d1afb4b4e61dc34282f5be88014f0952c9a00 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Mon, 1 Jul 2019 11:47:46 -0600
Subject: tls: Enable TLS 1.3 by default; set sane defaults on tls.Config structs
---
 modules/caddytls/tls.go | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'modules/caddytls/tls.go')
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 619aaee..b38657b 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -18,7 +18,9 @@ import (
 "crypto/tls"
 "encoding/json"
 "fmt"
+ "log"
 "net/http"
+ "os"
 "time"
 "github.com/caddyserver/caddy"
@@ -32,6 +34,12 @@ func init() {
 Name: "tls",
 New: func() interface{} { return new(TLS) },
 })
+
+ // opt-in TLS 1.3 for Go1.12
+ // TODO: remove this line when Go1.13 is released.
+ if err := os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1"); err != nil {
+ log.Println("[ERROR] failed to set environment variable: ", err)
+ }
 }
 // TLS represents a process-wide TLS configuration.
--
cgit v1.2.3
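Review bot: The `os.Setenv` call added to `init()` appends `,tls13=1` unconditionally, so an operator who deliberately started the process with `tls13=0` in GODEBUG ends up with both settings in the variable, and an unset GODEBUG becomes a value with a leading comma. I would add the flag only when no `tls13=` entry is present, e.g. wrap the call in `if gd := os.Getenv("GODEBUG"); !strings.Contains(gd, "tls13=") {` (adding the `strings` import if the file does not already have it) and prepend the comma only when `gd` is non-empty. Because this runs at package init, every program that imports the module has its process environment changed and child processes inherit it; a comment such as `// NOTE: mutates the process-wide GODEBUG; presumably must run before crypto/tls first reads it` would make that ordering dependency explicit. On failure the code only logs and continues, so it is worth stating in that comment that the server then runs without the TLS 1.3 opt-in. The body of `init()` begins above the hunk.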