caddy: tls_cipher is not logged correctly with TLSv1.3

1. Which version of Caddy are you using (caddy -version)?

0.11.5.

2. What are you trying to do?

Have caddy log the tls_cipher that the client and server negotiated with TLSv1.3

4. How did you run Caddy (give the full command and describe the execution environment)?

Can be reproduced simply by running caddy.

6. What did you expect to see?

I expect the logs to contain the TLS cipher like “TLS_AES_128_GCM_SHA256”.

7. What did you see instead (give full error messages and/or log)?

“UNKNOWN” is seen in the logs.

8. Why is this a bug, and how do you think this should be fixed?

It looks like config.go needs the 1.3 cipher suites added to SupportedCiphersMap which is used by GetSupportedCipherName

https://github.com/mholt/caddy/blob/72d0debde6bf01b5fdce0a4f3dc2b35cba28241a/caddytls/config.go#L457

The lack of the TLSv1.3 cipher suite IDs means that the logged suite will be “UNKNOWN”, and that the tls_cipher environment variable that the fastcgi module sets here:

https://github.com/mholt/caddy/blob/053373a38519d8cdf4ee7582ed9dc6ce239597cc/caddyhttp/fastcgi/fastcgi.go#L341

The go docs seem to indicate that the TLSv1.3 constants are there, so I think this is a matter of adding a few more IDs to the map, something like:

```go
// ...
"TLS_AES_128_GCM_SHA256":       tls.TLS_AES_128_GCM_SHA256,
"TLS_AES_256_GCM_SHA384":       tls.TLS_AES_256_GCM_SHA384,
"TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256,
```

Looking a bit harder through, it looks like this map is also used for configuring caddy. Since Go’s ciphers are not configurable for TLSv1.3, adding them to the existing map is likely not correct.

https://github.com/mholt/caddy/blob/72d0debde6bf01b5fdce0a4f3dc2b35cba28241a/caddytls/setup.go#L200
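As an added illustration of the split the report argues for (example code, not Caddy's own): a separate table for the three TLS 1.3 suite IDs so a negotiated suite can be named in logs without becoming selectable in a ciphers directive. The TLS 1.2 entries and the function names are assumed for the illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Suites a user may select in configuration (TLS 1.2 and below).
// Assumed, abbreviated list in the style of Caddy v1's config.go.
var configurableCiphers = map[string]uint16{
	"ECDHE-ECDSA-AES256-GCM-SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	"ECDHE-RSA-AES256-GCM-SHA384":   tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	"ECDHE-ECDSA-AES128-GCM-SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	"ECDHE-RSA-AES128-GCM-SHA256":   tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
}

// TLS 1.3 suites: Go picks these itself, so they live in their own map
// and are used only to name what was negotiated, never to configure it.
var tls13Ciphers = map[string]uint16{
	"TLS_AES_128_GCM_SHA256":       tls.TLS_AES_128_GCM_SHA256,
	"TLS_AES_256_GCM_SHA384":       tls.TLS_AES_256_GCM_SHA384,
	"TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256,
}

// CipherName names a negotiated suite ID from either table, so a TLS 1.3
// connection no longer logs as "UNKNOWN"; IDs in neither table still do.
func CipherName(id uint16) string {
	for _, m := range []map[string]uint16{configurableCiphers, tls13Ciphers} {
		for name, v := range m {
			if v == id {
				return name
			}
		}
	}
	return "UNKNOWN"
}

// ParseConfiguredCipher resolves a name from a ciphers directive. TLS 1.3
// names are rejected with a specific error rather than silently accepted,
// because crypto/tls does not let callers choose TLS 1.3 suites.
func ParseConfiguredCipher(name string) (uint16, error) {
	if id, ok := configurableCiphers[name]; ok {
		return id, nil
	}
	if _, ok := tls13Ciphers[name]; ok {
		return 0, fmt.Errorf("cipher %s is a TLS 1.3 suite and cannot be configured", name)
	}
	return 0, fmt.Errorf("unsupported cipher: %s", name)
}
```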

About this issue

  • State: closed
  • Created 5 years ago
  • Reactions: 5
  • Comments: 21 (15 by maintainers)

Most upvoted comments

I’d like to work on this if help is still needed.

Resolved in b0a491aec808652dfd65910ee192ab88c07ac99d

@ali-alsabbah this is getting off-topic from this thread, but one thing I could see being very valuable is re-implementing some of the Caddy v1 plugins as v2 modules.

See the bottom of the sidebar on https://caddyserver.com/v1/docs (Directives/Middleware) for a list of v1 plugins.

See https://caddyserver.com/docs/extending-caddy for docs on setting up v2 modules.

Feel free to open up new issues if you need any help!