Closed
Description
What version of Go are you using (go version)?
go version devel +e3b4b7baad Tue Dec 18 23:01:06 2018 +0000 darwin/amd64
Does this issue reproduce with the latest release?
Yes if 1.12beta1 is the latest release.
What operating system and processor architecture are you using (go env)?
go env Output
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/crvv/Library/Caches/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/crvv/Develop/go"
GOPROXY=""
GORACE=""
GOROOT="/Users/crvv/Develop/goroot"
GOTMPDIR=""
GOTOOLDIR="/Users/crvv/Develop/goroot/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/x1/1pp78x6d3n99gpx9f7rz2_rh0000gn/T/go-build965128833=/tmp/go-build -gno-record-gcc-switches -fno-common"
What did you do?
Run the following code with GODEBUG=http2server=0 go run main.go
package main

import (
	"crypto/tls"
	"log"
	"net/http"
)

func main() {
	// HTTPS server limited to TLS 1.3 with a single requested cipher suite.
	server := http.Server{
		Addr: "localhost:2443",
		TLSConfig: &tls.Config{
			CipherSuites: []uint16{tls.TLS_CHACHA20_POLY1305_SHA256},
			MinVersion:   tls.VersionTLS13,
		},
	}
	// The certificate and key files must exist in the working directory.
	log.Fatal(server.ListenAndServeTLS("localhost.pem", "localhost-key.pem"))
}
and openssl s_client -connect localhost:2443
What did you expect to see?
A TLS 1.3 connection with TLS_CHACHA20_POLY1305_SHA256 cipher.
What did you see instead?
SSL handshake has read 1603 bytes and written 391 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
It looks like Config.CipherSuites isn't used in TLS 1.3.
If this is the desired behavior, I think it should be documented in https://tip.golang.org/pkg/crypto/tls/
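The behaviour reported above can be checked without certificate files or openssl. The following is an added example, not code from the issue or from the Go project: it runs the handshake against a loopback httptest server and reads the negotiated version and suite back from the connection state. The helper names negotiate and inList, and the second configuration (a TLS 1.2 suite with the version capped at TLS 1.2), are assumptions introduced here for comparison.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// negotiate starts a loopback HTTPS test server with serverCfg (httptest adds
// its built-in test certificate), makes one request, and returns what was selected.
func negotiate(serverCfg *tls.Config) (version, suite uint16, err error) {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = serverCfg
	srv.StartTLS()
	defer srv.Close()
	resp, err := srv.Client().Get(srv.URL) // this client trusts the test certificate
	if err != nil {
		return 0, 0, err
	}
	defer resp.Body.Close()
	return resp.TLS.Version, resp.TLS.CipherSuite, nil
}

// inList reports whether the negotiated suite is one the config asked for.
func inList(suite uint16, list []uint16) bool {
	for _, s := range list {
		if s == suite {
			return true
		}
	}
	return false
}

func main() {
	configs := []*tls.Config{
		// The configuration from the report: a TLS 1.3 suite ID, TLS 1.3 only.
		{CipherSuites: []uint16{tls.TLS_CHACHA20_POLY1305_SHA256}, MinVersion: tls.VersionTLS13},
		// Assumed variant: a TLS 1.2 suite with the version capped at TLS 1.2.
		{CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, MaxVersion: tls.VersionTLS12},
	}
	for _, cfg := range configs {
		v, cs, err := negotiate(cfg)
		fmt.Printf("version=%#x suite=%s listed=%v err=%v\n", v, tls.CipherSuiteName(cs), inList(cs, cfg.CipherSuites), err)
	}
}
```

Under TLS 1.3 the suite Go selects depends on hardware AES support rather than on the list, so a deployment that must pin a suite should assert on the connection state rather than on the configuration.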