From c5635f95079c71d459ec20a1024f39285466fbd5 Mon Sep 17 00:00:00 2001
From: Kslr
Date: Fri, 17 May 2019 17:54:04 +0800
Subject: [PATCH] sync fly, enable tls 1.3
---
 transport/internet/tls/config.go | 4 ++++
 transport/internet/tls/tls13_workaround.go | 16 ++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 transport/internet/tls/tls13_workaround.go
diff --git a/transport/internet/tls/config.go b/transport/internet/tls/config.go
index 1ac369404..4f8bed7e3 100644
--- a/transport/internet/tls/config.go
+++ b/transport/internet/tls/config.go
@@ -188,6 +188,10 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 if !c.AllowInsecureCiphers && len(config.CipherSuites) == 0 {
 config.CipherSuites = []uint16{
+ tls.TLS_AES_128_GCM_SHA256,
+ tls.TLS_AES_256_GCM_SHA384,
+ tls.TLS_CHACHA20_POLY1305_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
diff --git a/transport/internet/tls/tls13_workaround.go b/transport/internet/tls/tls13_workaround.go
new file mode 100644
index 000000000..fbc3a8b43
--- /dev/null
+++ b/transport/internet/tls/tls13_workaround.go
@@ -0,0 +1,16 @@
+// +build !confonly
+
+package tls
+
+import (
+ "os"
+ "strings"
+)
+
+func init() {
+ // opt-in TLS 1.3 for Go1.12
+ // TODO: remove this line when Go1.13 is released.
+ if !strings.Contains(os.Getenv("GODEBUG"), "tls13") {
+ _ = os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
+ }
+}
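Review bot: The three TLS 1.3 IDs added at the top of `config.CipherSuites` do not pin anything, because crypto/tls documents that TLS 1.3 cipher suites are not configurable and uses this list only for TLS 1.2 and below. A reader auditing the allowed ciphers will assume otherwise, so either drop the entries or put a comment above them, e.g. `// TLS 1.3 suites are fixed by crypto/tls; listed here for documentation only`. These constants were introduced in Go 1.12, so the file stops compiling on older toolchains unless 1.12 is already the project minimum. The rest of the list and of GetTLSConfig lies outside the hunk.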
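Review bot: The `init()` edits the process-wide `GODEBUG` variable without saying so in the package documentation, which means importing this package enables TLS 1.3 for every crypto/tls user in the process and for child processes that inherit the environment. The comment should state that scope, for example `// NOTE: mutates GODEBUG for the whole process; set tls13=0 in GODEBUG to opt out`. When `GODEBUG` is empty the value written is `,tls13=1` with a leading comma, and the `os.Setenv` error is discarded; building the value with a conditional separator and logging a failure would be cleaner. The setting presumably only helps if it lands before crypto/tls first reads it, which is worth confirming. A second constraint line `// +build !go1.13` would retire the workaround automatically instead of relying on the TODO.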