Caddy: Upgrade QUIC to HTTP/3

Created on 30 Jan 2019 · 9 Comments · Source: caddyserver/caddy

You know, HTTP/3 is the new name for QUIC, also (previously?) called "HTTP over QUIC", as it seems.

AFAIK it is not yet standardized and no one supports it yet (it seems there are still some technical differences to QUIC, see the test site below), but it may be soon… :smile:
And Caddy can be one of the first to support it. :smiley:

There is even already a test site:
https://http3.info/

feature request

All 9 comments

According to the test site, Caddy does support HTTP/3 (HTTP over QUIC) :thinking:

Really? I've actually tried https://caddyserver.com/ to be sure that it fails and the test failed…

QUIC is an experimental feature, and we don't use it on the Caddy site. You'll have to test it on a Caddy server instance that has QUIC enabled.

And I'm pretty sure ours is not the IETF-standard QUIC.

> And I'm pretty sure ours is not the IETF-standard QUIC.

That might be the case, Lucas Clemente apparently is working on it (https://github.com/lucas-clemente/quic-go/issues/1241)

quic-go (roughly) supports the current QUIC WG draft, but not yet the new HTTP/3 mapping (including QPACK).

I run caddy and get: HTTP/3 = True.

https://http3.info/api/hnrk.io

$ ./caddy -version
Caddy 0.11.1 (+0b83014 Mon Dec 24 13:00:12 UTC 2018) (unofficial)
4 files changed, 35 insertions(+), 12 deletions(-)
caddy/caddymain/run.go
caddyhttp/browse/setup.go
caddytls/config.go
vendor/github.com/lucas-clemente/quic-go/internal/crypto/cert_chain.go


With version 0.11.3, I'm achieving the same result.

$ ./caddy -version
VW-Caddy 0.11.3 (+2ea544e Wed Feb 06 06:44:20 UTC 2019) (unofficial)
3 files changed, 22 insertions(+), 8 deletions(-)
caddy/caddymain/run.go
caddyhttp/browse/setup.go
caddytls/config.go

Patch of caddytls/config.go, because I've compiled caddy with golang1.12beta2:

diff --git a/caddytls/config.go b/caddytls/config.go
index 8cf61e4..bb1c717 100644
--- a/caddytls/config.go
+++ b/caddytls/config.go
@@ -560,7 +560,7 @@ func SetDefaultTLSParams(config *Config) {
        config.ProtocolMinVersion = tls.VersionTLS12
    }
    if config.ProtocolMaxVersion == 0 {
-       config.ProtocolMaxVersion = tls.VersionTLS12
+       config.ProtocolMaxVersion = tls.VersionTLS13
    }

    // Prefer server cipher suites
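Review bot: raising the default ProtocolMaxVersion to tls.VersionTLS13 makes caddytls compile only against Go 1.12 or newer, and on Go 1.12 TLS 1.3 is still opt-in (the process needs GODEBUG=tls13=1), so this default alone does not turn TLS 1.3 on for most builds. State the minimum Go version in the commit message and the docs, or guard the new default behind a build tag, so older toolchains fail loudly rather than silently staying on TLS 1.2.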
@@ -583,6 +583,7 @@ var SupportedProtocols = map[string]uint16{
    "tls1.0": tls.VersionTLS10,
    "tls1.1": tls.VersionTLS11,
    "tls1.2": tls.VersionTLS12,
+   "tls1.3": tls.VersionTLS13,
 }

 // GetSupportedProtocolName returns the protocol name
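Review bot: the new "tls1.3" key lets a Caddyfile name TLS 1.3 in the protocols directive, but nothing here says that the user's ciphers setting does not apply to it: crypto/tls does not let applications choose TLS 1.3 cipher suites. A sentence in the directive docs saying that "tls1.3" always uses the library's built-in AEAD suites would prevent the bug reports that follow when someone's curated cipher list appears to be ignored.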
@@ -607,6 +608,9 @@ func GetSupportedProtocolName(protocol uint16) (string, error) {
 //
 // This map, like any map, is NOT ORDERED. Do not range over this map.
 var SupportedCiphersMap = map[string]uint16{
+   "TLS13-AES-256-GCM-SHA384":           tls.TLS_AES_256_GCM_SHA384,
+   "TLS13-AES-128-GCM-SHA256":           tls.TLS_AES_128_GCM_SHA256,
+   "TLS13-CHACHA20-POLY1305-SHA256":     tls.TLS_CHACHA20_POLY1305_SHA256,
    "ECDHE-ECDSA-AES256-GCM-SHA384":      tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    "ECDHE-RSA-AES256-GCM-SHA384":        tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    "ECDHE-ECDSA-AES128-GCM-SHA256":      tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
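Review bot: the three TLS13-* entries are accepted by name but have no effect, since crypto/tls ignores TLS 1.3 identifiers in Config.CipherSuites; a ciphers directive that lists them changes nothing, and a directive that lists only them leaves a TLS 1.2 client with no suite the server will accept. Either keep them out of the user-facing map or mark them in the comment as informational so the parser's acceptance of the names is not mistaken for configurability.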
@@ -617,10 +621,7 @@ var SupportedCiphersMap = map[string]uint16{
    "ECDHE-RSA-AES128-CBC-SHA":           tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    "ECDHE-ECDSA-AES256-CBC-SHA":         tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
    "ECDHE-ECDSA-AES128-CBC-SHA":         tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-   "RSA-AES256-CBC-SHA":                 tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-   "RSA-AES128-CBC-SHA":                 tls.TLS_RSA_WITH_AES_128_CBC_SHA,
    "ECDHE-RSA-3DES-EDE-CBC-SHA":         tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-   "RSA-3DES-EDE-CBC-SHA":               tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
 }

 // GetSupportedCipherName returns the cipher name
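Review bot: dropping RSA-AES256-CBC-SHA, RSA-AES128-CBC-SHA and RSA-3DES-EDE-CBC-SHA from SupportedCiphersMap breaks any Caddyfile that still names them (the ciphers directive will now reject the config) and is unrelated to adding TLS 1.3. Split it into its own commit with a changelog line, and say what the rule is: ECDHE-RSA-3DES-EDE-CBC-SHA survives while the non-ECDHE 3DES entry goes, so this reads as removing static-RSA key exchange rather than 3DES, and the commit should say so.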
@@ -636,6 +637,9 @@ func GetSupportedCipherName(cipher uint16) (string, error) {

 // List of all the ciphers we want to use by default
 var defaultCiphers = []uint16{
+   tls.TLS_AES_256_GCM_SHA384,
+   tls.TLS_AES_128_GCM_SHA256,
+   tls.TLS_CHACHA20_POLY1305_SHA256,
    tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
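Review bot: placing the TLS 1.3 suites at the head of defaultCiphers documents intent but changes no behaviour: crypto/tls selects TLS 1.3 suites on its own and ignores these identifiers, so this list still only governs TLS 1.2 ordering. A comment to that effect would stop a future reader from reordering the first three entries expecting a TLS 1.3 preference change.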
@@ -650,6 +654,9 @@ var defaultCiphers = []uint16{

 // List of ciphers we should prefer if native AESNI support is missing
 var defaultCiphersNonAESNI = []uint16{
+   tls.TLS_CHACHA20_POLY1305_SHA256,
+   tls.TLS_AES_256_GCM_SHA384,
+   tls.TLS_AES_128_GCM_SHA256,
    tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
    tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
    tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
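Review bot: same point for defaultCiphersNonAESNI: the three TLS 1.3 entries are ignored by crypto/tls, which already prefers ChaCha20-Poly1305 over AES-GCM for TLS 1.3 when it detects no AES-GCM hardware support, so the ChaCha20-first ordering here duplicates what the library does by itself. Keep the list for TLS 1.2 and note in the comment that TLS 1.3 preference is not configurable from this table.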
@@ -691,6 +698,7 @@ var supportedCurvesMap = map[string]tls.CurveID{
 // The latter ones can be found here: https://github.com/golang/go/tree/master/src/crypto/elliptic
 var defaultCurves = []tls.CurveID{
    tls.X25519,
+   tls.CurveP384,
    tls.CurveP256,
 }
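Review bot: inserting tls.CurveP384 ahead of tls.CurveP256 changes the server's curve preference for every client that offers both, not only TLS 1.3 clients, and with this Go version P-384 is served by the generic big.Int elliptic code, which is much slower than the assembly-backed, constant-time P-256 implementation. Unless there is a policy reason to prefer P-384, put it after CurveP256 (or leave defaultCurves out of a TLS 1.3 patch) so X25519 and P-256 remain the fast path.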

As long as there's no browser support, it doesn't make sense to have server support.
I'll send a PR once it actually makes sense to support HTTP/3.
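The caddytls/config.go patch posted earlier in this thread raises the default maximum to TLS 1.3, adds the TLS 1.3 suites to the cipher tables and inserts P-384 into the curve order. The following Go program is an added example (not code from the thread and not Caddy's own code) that applies the same settings to a plain crypto/tls server and runs two in-memory handshakes, one from a TLS 1.3 client and one from a client capped at TLS 1.2, reporting the negotiated version and suite. It deliberately leaves the TLS 1.3 identifiers out of CipherSuites to show that Go negotiates a TLS 1.3 AEAD suite regardless. Assumptions: a throwaway self-signed P-256 certificate generated at start-up, a net.Pipe connection instead of a socket, and session tickets disabled so the handshake ends cleanly over the unbuffered pipe.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert makes a throwaway ECDSA P-256 certificate for "localhost" and a
// pool that trusts it. Constructed only so the handshake runs offline; it is not
// how Caddy obtains certificates.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "localhost"},
		DNSNames:              []string{"localhost"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// serverConfig mirrors the patched defaults: TLS 1.2 minimum, TLS 1.3 maximum,
// the patched curve order (X25519, P-384, P-256) and an ECDHE-ECDSA suite list.
// The TLS 1.3 suite identifiers are left out on purpose: crypto/tls ignores them.
func serverConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS13,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		},
		CurvePreferences:       []tls.CurveID{tls.X25519, tls.CurveP384, tls.CurveP256},
		SessionTicketsDisabled: true, // keeps the unbuffered pipe handshake free of trailing writes
	}
}

// Handshake runs one in-memory handshake against serverConfig with a client whose
// maximum version is clientMax and returns the negotiated version and suite.
func Handshake(clientMax uint16) (version, suite uint16, err error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return 0, 0, err
	}
	srvConn, cliConn := net.Pipe()
	defer srvConn.Close()
	defer cliConn.Close()

	errc := make(chan error, 1)
	go func() { errc <- tls.Server(srvConn, serverConfig(cert)).Handshake() }()

	c := tls.Client(cliConn, &tls.Config{
		RootCAs:    pool,
		ServerName: "localhost",
		MinVersion: tls.VersionTLS12,
		MaxVersion: clientMax,
	})
	if err := c.Handshake(); err != nil {
		return 0, 0, err
	}
	if err := <-errc; err != nil {
		return 0, 0, err
	}
	st := c.ConnectionState()
	return st.Version, st.CipherSuite, nil
}

// IsTLS13Suite reports whether id is one of the three TLS 1.3 AEAD suites.
func IsTLS13Suite(id uint16) bool {
	return id == tls.TLS_AES_128_GCM_SHA256 || id == tls.TLS_AES_256_GCM_SHA384 ||
		id == tls.TLS_CHACHA20_POLY1305_SHA256
}

func main() {
	for _, max := range []uint16{tls.VersionTLS13, tls.VersionTLS12} {
		v, s, err := Handshake(max)
		if err != nil {
			fmt.Println("handshake failed:", err)
			continue
		}
		fmt.Printf("client max 0x%04x -> negotiated 0x%04x, suite %s (TLS 1.3 suite: %v)\n",
			max, v, tls.CipherSuiteName(s), IsTLS13Suite(s))
	}
}
```

With a Go 1.13 or newer toolchain the first handshake lands on TLS 1.3 and one of the three AEAD suites even though none of them is listed; on Go 1.12 the same result needs GODEBUG=tls13=1. Which TLS 1.3 suite appears depends on whether the CPU has AES-GCM hardware support, a choice the library makes by itself, which is why the patch's TLS13-* entries in the Caddy cipher tables cannot influence it. The TLS 1.2 handshake is the only one where the configured suite list matters.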

Hm, darn:
[screenshot: Screen Shot 2019-11-06 at 12 31 02 AM]

This site works though: https://www.http3check.net/
