
sync fly, enable tls 1.3

Kslr 6 years ago
parent
commit
c5635f9507
2 changed files with 20 additions and 0 deletions
  1. 4 0
      transport/internet/tls/config.go
  2. 16 0
      transport/internet/tls/tls13_workaround.go

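--- a/transport/internet/tls/config.go
+++ b/transport/internet/tls/config.go
@@ -188,6 +188,10 @@ func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
 
 	if !c.AllowInsecureCiphers && len(config.CipherSuites) == 0 {
 		config.CipherSuites = []uint16{
+			tls.TLS_AES_128_GCM_SHA256,
+			tls.TLS_AES_256_GCM_SHA384,
+			tls.TLS_CHACHA20_POLY1305_SHA256,
+
 			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
 			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
 			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,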
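Review bot: The three TLS 1.3 suites added at the top of the default `config.CipherSuites` list are not governed by that field: crypto/tls documents `CipherSuites` as applying only up to TLS 1.2 and does not make the TLS 1.3 suites configurable, so these entries neither enable TLS 1.3 nor restrict it. A reader may also assume `AllowInsecureCiphers` controls the 1.3 selection, which it does not. I would either drop the three lines or keep them with a comment such as `// TLS 1.3 suites: listed for documentation only; crypto/tls ignores CipherSuites for TLS 1.3.` GetTLSConfig begins and ends outside the hunk, so whether `MinVersion` is pinned elsewhere cannot be seen here.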

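--- /dev/null
+++ b/transport/internet/tls/tls13_workaround.go
@@ -0,0 +1,16 @@
+// +build !confonly
+
+package tls
+
+import (
+	"os"
+	"strings"
+)
+
+func init() {
+	// opt-in TLS 1.3 for Go1.12
+	// TODO: remove this line when Go1.13 is released.
+	if !strings.Contains(os.Getenv("GODEBUG"), "tls13") {
+		_ = os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")
+	}
+}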
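Review bot: The `strings.Contains(..., "tls13")` guard in init() matches any mention of the key, so an operator-set `tls13=0` is left alone while an unset variable is rewritten to `,tls13=1`; neither behaviour is documented, and the `os.Setenv` error is discarded, so a failure leaves TLS 1.3 off with no signal. Because this runs as an import side effect on the process environment, it presumably changes version negotiation for every crypto/tls user in the binary, and the value is inherited by child processes started with the default environment, not only by this transport. I would say so in the comment, e.g. `// Process-wide: enables TLS 1.3 for all crypto/tls users unless GODEBUG already mentions tls13 (an explicit tls13=0 is respected).` The TODO can be tied to the toolchain with `// +build !confonly,!go1.13` so the file drops out on its own once the opt-in is no longer needed.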