drop support for Go 1.20, build on Go 1.22rc1 on CI (#4195)

* drop support for Go 1.20

* ci: udpate CircleCI to Go 1.21

* qtls: remove unnecessary type aliases

* ci: build using Go 1.22rc1

internal/handshake/crypto_setup.go

@@ -29,7 +29,7 @@ const clientSessionStateRevision = 4
 
 type cryptoSetup struct {
 	tlsConf *tls.Config
-	conn    *qtls.QUICConn
+	conn    *tls.QUICConn
 
 	events []Event
 
@@ -93,12 +93,12 @@ func NewCryptoSetupClient(
 
 	tlsConf = tlsConf.Clone()
 	tlsConf.MinVersion = tls.VersionTLS13
-	quicConf := &qtls.QUICConfig{TLSConfig: tlsConf}
+	quicConf := &tls.QUICConfig{TLSConfig: tlsConf}
 	qtls.SetupConfigForClient(quicConf, cs.marshalDataForSessionState, cs.handleDataFromSessionState)
 	cs.tlsConf = tlsConf
 	cs.allow0RTT = enable0RTT
 
-	cs.conn = qtls.QUICClient(quicConf)
+	cs.conn = tls.QUICClient(quicConf)
 	cs.conn.SetTransportParameters(cs.ourParams.Marshal(protocol.PerspectiveClient))
 
 	return cs
@@ -127,12 +127,12 @@ func NewCryptoSetupServer(
 	)
 	cs.allow0RTT = allow0RTT
 
-	quicConf := &qtls.QUICConfig{TLSConfig: tlsConf}
+	quicConf := &tls.QUICConfig{TLSConfig: tlsConf}
 	qtls.SetupConfigForServer(quicConf, cs.allow0RTT, cs.getDataForSessionTicket, cs.handleSessionTicket)
 	addConnToClientHelloInfo(quicConf.TLSConfig, localAddr, remoteAddr)
 
 	cs.tlsConf = quicConf.TLSConfig
-	cs.conn = qtls.QUICServer(quicConf)
+	cs.conn = tls.QUICServer(quicConf)
 
 	return cs
 }
@@ -264,28 +264,28 @@ func (h *cryptoSetup) handleMessage(data []byte, encLevel protocol.EncryptionLev
 	}
 }
 
-func (h *cryptoSetup) handleEvent(ev qtls.QUICEvent) (done bool, err error) {
+func (h *cryptoSetup) handleEvent(ev tls.QUICEvent) (done bool, err error) {
 	switch ev.Kind {
-	case qtls.QUICNoEvent:
+	case tls.QUICNoEvent:
 		return true, nil
-	case qtls.QUICSetReadSecret:
+	case tls.QUICSetReadSecret:
 		h.SetReadKey(ev.Level, ev.Suite, ev.Data)
 		return false, nil
-	case qtls.QUICSetWriteSecret:
+	case tls.QUICSetWriteSecret:
 		h.SetWriteKey(ev.Level, ev.Suite, ev.Data)
 		return false, nil
-	case qtls.QUICTransportParameters:
+	case tls.QUICTransportParameters:
 		return false, h.handleTransportParameters(ev.Data)
-	case qtls.QUICTransportParametersRequired:
+	case tls.QUICTransportParametersRequired:
 		h.conn.SetTransportParameters(h.ourParams.Marshal(h.perspective))
 		return false, nil
-	case qtls.QUICRejectedEarlyData:
+	case tls.QUICRejectedEarlyData:
 		h.rejected0RTT()
 		return false, nil
-	case qtls.QUICWriteData:
+	case tls.QUICWriteData:
 		h.WriteRecord(ev.Level, ev.Data)
 		return false, nil
-	case qtls.QUICHandshakeDone:
+	case tls.QUICHandshakeDone:
 		h.handshakeComplete()
 		return false, nil
 	default:
@@ -379,7 +379,9 @@ func (h *cryptoSetup) getDataForSessionTicket() []byte {
 // Due to limitations in crypto/tls, it's only possible to generate a single session ticket per connection.
 // It is only valid for the server.
 func (h *cryptoSetup) GetSessionTicket() ([]byte, error) {
-	if err := qtls.SendSessionTicket(h.conn, h.allow0RTT); err != nil {
+	if err := h.conn.SendSessionTicket(tls.QUICSessionTicketOptions{
+		EarlyData: h.allow0RTT,
+	}); err != nil {
 		// Session tickets might be disabled by tls.Config.SessionTicketsDisabled.
 		// We can't check h.tlsConfig here, since the actual config might have been obtained from
 		// the GetConfigForClient callback.
@@ -391,11 +393,11 @@ func (h *cryptoSetup) GetSessionTicket() ([]byte, error) {
 		return nil, err
 	}
 	ev := h.conn.NextEvent()
-	if ev.Kind != qtls.QUICWriteData || ev.Level != qtls.QUICEncryptionLevelApplication {
+	if ev.Kind != tls.QUICWriteData || ev.Level != tls.QUICEncryptionLevelApplication {
 		panic("crypto/tls bug: where's my session ticket?")
 	}
 	ticket := ev.Data
-	if ev := h.conn.NextEvent(); ev.Kind != qtls.QUICNoEvent {
+	if ev := h.conn.NextEvent(); ev.Kind != tls.QUICNoEvent {
 		panic("crypto/tls bug: why more than one ticket?")
 	}
 	return ticket, nil
@@ -442,12 +444,12 @@ func (h *cryptoSetup) rejected0RTT() {
 	}
 }
 
-func (h *cryptoSetup) SetReadKey(el qtls.QUICEncryptionLevel, suiteID uint16, trafficSecret []byte) {
+func (h *cryptoSetup) SetReadKey(el tls.QUICEncryptionLevel, suiteID uint16, trafficSecret []byte) {
 	suite := getCipherSuite(suiteID)
 	h.mutex.Lock()
 	//nolint:exhaustive // The TLS stack doesn't export Initial keys.
 	switch el {
-	case qtls.QUICEncryptionLevelEarly:
+	case tls.QUICEncryptionLevelEarly:
 		if h.perspective == protocol.PerspectiveClient {
 			panic("Received 0-RTT read key for the client")
 		}
@@ -459,7 +461,7 @@ func (h *cryptoSetup) SetReadKey(el qtls.QUICEncryptionLevel, suiteID uint16, tr
 		if h.logger.Debug() {
 			h.logger.Debugf("Installed 0-RTT Read keys (using %s)", tls.CipherSuiteName(suite.ID))
 		}
-	case qtls.QUICEncryptionLevelHandshake:
+	case tls.QUICEncryptionLevelHandshake:
 		h.handshakeOpener = newLongHeaderOpener(
 			createAEAD(suite, trafficSecret, h.version),
 			newHeaderProtector(suite, trafficSecret, true, h.version),
@@ -467,7 +469,7 @@ func (h *cryptoSetup) SetReadKey(el qtls.QUICEncryptionLevel, suiteID uint16, tr
 		if h.logger.Debug() {
 			h.logger.Debugf("Installed Handshake Read keys (using %s)", tls.CipherSuiteName(suite.ID))
 		}
-	case qtls.QUICEncryptionLevelApplication:
+	case tls.QUICEncryptionLevelApplication:
 		h.aead.SetReadKey(suite, trafficSecret)
 		h.has1RTTOpener = true
 		if h.logger.Debug() {
@@ -483,7 +485,7 @@ func (h *cryptoSetup) SetReadKey(el qtls.QUICEncryptionLevel, suiteID uint16, tr
 	}
 }
 
-func (h *cryptoSetup) SetWriteKey(el qtls.QUICEncryptionLevel, suiteID uint16, trafficSecret []byte) {
+func (h *cryptoSetup) SetWriteKey(el tls.QUICEncryptionLevel, suiteID uint16, trafficSecret []byte) {
 	suite := getCipherSuite(suiteID)
 	h.mutex.Lock()
 	//nolint:exhaustive // The TLS stack doesn't export Initial keys.
@@ -505,7 +507,7 @@ func (h *cryptoSetup) SetWriteKey(el qtls.QUICEncryptionLevel, suiteID uint16, t
 		}
 		// don't set used0RTT here. 0-RTT might still get rejected.
 		return
-	case qtls.QUICEncryptionLevelHandshake:
+	case tls.QUICEncryptionLevelHandshake:
 		h.handshakeSealer = newLongHeaderSealer(
 			createAEAD(suite, trafficSecret, h.version),
 			newHeaderProtector(suite, trafficSecret, true, h.version),
@@ -513,7 +515,7 @@ func (h *cryptoSetup) SetWriteKey(el qtls.QUICEncryptionLevel, suiteID uint16, t
 		if h.logger.Debug() {
 			h.logger.Debugf("Installed Handshake Write keys (using %s)", tls.CipherSuiteName(suite.ID))
 		}
-	case qtls.QUICEncryptionLevelApplication:
+	case tls.QUICEncryptionLevelApplication:
 		h.aead.SetWriteKey(suite, trafficSecret)
 		h.has1RTTSealer = true
 		if h.logger.Debug() {
@@ -692,7 +694,7 @@ func (h *cryptoSetup) ConnectionState() ConnectionState {
 
 func wrapError(err error) error {
 	// alert 80 is an internal error
-	if alertErr := qtls.AlertError(0); errors.As(err, &alertErr) && alertErr != 80 {
+	if alertErr := tls.AlertError(0); errors.As(err, &alertErr) && alertErr != 80 {
 		return qerr.NewLocalCryptoError(uint8(alertErr), err)
 	}
 	return &qerr.TransportError{ErrorCode: qerr.InternalError, ErrorMessage: err.Error()}

internal/handshake/crypto_setup_test.go

@@ -9,8 +9,6 @@ import (
 	"math/big"
 	"net"
 	"reflect"
-	"runtime"
-	"strings"
 	"time"
 
 	mocktls "github.com/quic-go/quic-go/internal/mocks/tls"
@@ -462,10 +460,8 @@ var _ = Describe("Crypto Setup TLS", func() {
 				Eventually(receivedSessionTicket).Should(BeClosed())
 				Expect(server.ConnectionState().DidResume).To(BeTrue())
 				Expect(client.ConnectionState().DidResume).To(BeTrue())
-				if !strings.Contains(runtime.Version(), "go1.20") {
-					Expect(clientRTTStats.SmoothedRTT()).To(Equal(clientRTT))
-					Expect(serverRTTStats.SmoothedRTT()).To(Equal(serverRTT))
-				}
+				Expect(clientRTTStats.SmoothedRTT()).To(Equal(clientRTT))
+				Expect(serverRTTStats.SmoothedRTT()).To(Equal(serverRTT))
 			})
 
 			It("doesn't use session resumption if the server disabled it", func() {

internal/qerr/error_codes.go

@@ -1,9 +1,8 @@
 package qerr
 
 import (
+	"crypto/tls"
 	"fmt"
-
-	"github.com/quic-go/quic-go/internal/qtls"
 )
 
 // TransportErrorCode is a QUIC transport error.
@@ -40,7 +39,7 @@ func (e TransportErrorCode) Message() string {
 	if !e.IsCryptoError() {
 		return ""
 	}
-	return qtls.AlertError(e - 0x100).Error()
+	return tls.AlertError(e - 0x100).Error()
 }
 
 func (e TransportErrorCode) String() string {

internal/qtls/cipher_suite.go

@@ -1,5 +1,3 @@
-//go:build go1.21
-
 package qtls
 
 import (

internal/qtls/cipher_suite_test.go

@@ -1,5 +1,3 @@
-//go:build go1.21
-
 package qtls
 
 import (

internal/qtls/client_session_cache_test.go

@@ -1,5 +1,3 @@
-//go:build go1.21
-
 package qtls
 
 import (

internal/qtls/go120.go

@@ -1,157 +0,0 @@
-//go:build go1.20 && !go1.21
-
-package qtls
-
-import (
-	"crypto/tls"
-	"fmt"
-	"unsafe"
-
-	"github.com/quic-go/quic-go/internal/protocol"
-
-	"github.com/quic-go/qtls-go1-20"
-)
-
-type (
-	QUICConn            = qtls.QUICConn
-	QUICConfig          = qtls.QUICConfig
-	QUICEvent           = qtls.QUICEvent
-	QUICEventKind       = qtls.QUICEventKind
-	QUICEncryptionLevel = qtls.QUICEncryptionLevel
-	AlertError          = qtls.AlertError
-)
-
-const (
-	QUICEncryptionLevelInitial     = qtls.QUICEncryptionLevelInitial
-	QUICEncryptionLevelEarly       = qtls.QUICEncryptionLevelEarly
-	QUICEncryptionLevelHandshake   = qtls.QUICEncryptionLevelHandshake
-	QUICEncryptionLevelApplication = qtls.QUICEncryptionLevelApplication
-)
-
-const (
-	QUICNoEvent                     = qtls.QUICNoEvent
-	QUICSetReadSecret               = qtls.QUICSetReadSecret
-	QUICSetWriteSecret              = qtls.QUICSetWriteSecret
-	QUICWriteData                   = qtls.QUICWriteData
-	QUICTransportParameters         = qtls.QUICTransportParameters
-	QUICTransportParametersRequired = qtls.QUICTransportParametersRequired
-	QUICRejectedEarlyData           = qtls.QUICRejectedEarlyData
-	QUICHandshakeDone               = qtls.QUICHandshakeDone
-)
-
-func SetupConfigForServer(conf *QUICConfig, enable0RTT bool, getDataForSessionTicket func() []byte, handleSessionTicket func([]byte, bool) bool) {
-	qtls.InitSessionTicketKeys(conf.TLSConfig)
-	conf.TLSConfig = conf.TLSConfig.Clone()
-	conf.TLSConfig.MinVersion = tls.VersionTLS13
-	conf.ExtraConfig = &qtls.ExtraConfig{
-		Enable0RTT: enable0RTT,
-		Accept0RTT: func(data []byte) bool {
-			return handleSessionTicket(data, true)
-		},
-		GetAppDataForSessionTicket: getDataForSessionTicket,
-	}
-}
-
-func SetupConfigForClient(
-	conf *QUICConfig,
-	getDataForSessionState func(earlyData bool) []byte,
-	setDataFromSessionState func(data []byte, earlyData bool) (allowEarlyData bool),
-) {
-	conf.ExtraConfig = &qtls.ExtraConfig{
-		GetAppDataForSessionState: func() []byte {
-			// qtls only calls the GetAppDataForSessionState when doing 0-RTT
-			return getDataForSessionState(true)
-		},
-		SetAppDataFromSessionState: func(data []byte) (allowEarlyData bool) {
-			// qtls only calls the SetAppDataFromSessionState for 0-RTT enabled tickets
-			return setDataFromSessionState(data, true)
-		},
-	}
-}
-
-func QUICServer(config *QUICConfig) *QUICConn {
-	return qtls.QUICServer(config)
-}
-
-func QUICClient(config *QUICConfig) *QUICConn {
-	return qtls.QUICClient(config)
-}
-
-func ToTLSEncryptionLevel(e protocol.EncryptionLevel) qtls.QUICEncryptionLevel {
-	switch e {
-	case protocol.EncryptionInitial:
-		return qtls.QUICEncryptionLevelInitial
-	case protocol.EncryptionHandshake:
-		return qtls.QUICEncryptionLevelHandshake
-	case protocol.Encryption1RTT:
-		return qtls.QUICEncryptionLevelApplication
-	case protocol.Encryption0RTT:
-		return qtls.QUICEncryptionLevelEarly
-	default:
-		panic(fmt.Sprintf("unexpected encryption level: %s", e))
-	}
-}
-
-func FromTLSEncryptionLevel(e qtls.QUICEncryptionLevel) protocol.EncryptionLevel {
-	switch e {
-	case qtls.QUICEncryptionLevelInitial:
-		return protocol.EncryptionInitial
-	case qtls.QUICEncryptionLevelHandshake:
-		return protocol.EncryptionHandshake
-	case qtls.QUICEncryptionLevelApplication:
-		return protocol.Encryption1RTT
-	case qtls.QUICEncryptionLevelEarly:
-		return protocol.Encryption0RTT
-	default:
-		panic(fmt.Sprintf("unexpect encryption level: %s", e))
-	}
-}
-
-//go:linkname cipherSuitesTLS13 github.com/quic-go/qtls-go1-20.cipherSuitesTLS13
-var cipherSuitesTLS13 []unsafe.Pointer
-
-//go:linkname defaultCipherSuitesTLS13 github.com/quic-go/qtls-go1-20.defaultCipherSuitesTLS13
-var defaultCipherSuitesTLS13 []uint16
-
-//go:linkname defaultCipherSuitesTLS13NoAES github.com/quic-go/qtls-go1-20.defaultCipherSuitesTLS13NoAES
-var defaultCipherSuitesTLS13NoAES []uint16
-
-var cipherSuitesModified bool
-
-// SetCipherSuite modifies the cipherSuiteTLS13 slice of cipher suites inside qtls
-// such that it only contains the cipher suite with the chosen id.
-// The reset function returned resets them back to the original value.
-func SetCipherSuite(id uint16) (reset func()) {
-	if cipherSuitesModified {
-		panic("cipher suites modified multiple times without resetting")
-	}
-	cipherSuitesModified = true
-
-	origCipherSuitesTLS13 := append([]unsafe.Pointer{}, cipherSuitesTLS13...)
-	origDefaultCipherSuitesTLS13 := append([]uint16{}, defaultCipherSuitesTLS13...)
-	origDefaultCipherSuitesTLS13NoAES := append([]uint16{}, defaultCipherSuitesTLS13NoAES...)
-	// The order is given by the order of the slice elements in cipherSuitesTLS13 in qtls.
-	switch id {
-	case tls.TLS_AES_128_GCM_SHA256:
-		cipherSuitesTLS13 = cipherSuitesTLS13[:1]
-	case tls.TLS_CHACHA20_POLY1305_SHA256:
-		cipherSuitesTLS13 = cipherSuitesTLS13[1:2]
-	case tls.TLS_AES_256_GCM_SHA384:
-		cipherSuitesTLS13 = cipherSuitesTLS13[2:]
-	default:
-		panic(fmt.Sprintf("unexpected cipher suite: %d", id))
-	}
-	defaultCipherSuitesTLS13 = []uint16{id}
-	defaultCipherSuitesTLS13NoAES = []uint16{id}
-
-	return func() {
-		cipherSuitesTLS13 = origCipherSuitesTLS13
-		defaultCipherSuitesTLS13 = origDefaultCipherSuitesTLS13
-		defaultCipherSuitesTLS13NoAES = origDefaultCipherSuitesTLS13NoAES
-		cipherSuitesModified = false
-	}
-}
-
-func SendSessionTicket(c *QUICConn, allow0RTT bool) error {
-	return c.SendSessionTicket(allow0RTT)
-}

internal/qtls/go120_test.go

@@ -1,28 +0,0 @@
-//go:build !go1.21
-
-package qtls
-
-import (
-	"github.com/quic-go/quic-go/internal/protocol"
-
-	"github.com/quic-go/qtls-go1-20"
-
-	. "github.com/onsi/ginkgo/v2"
-	. "github.com/onsi/gomega"
-)
-
-var _ = Describe("Go 1.20", func() {
-	It("converts to qtls.EncryptionLevel", func() {
-		Expect(ToTLSEncryptionLevel(protocol.EncryptionInitial)).To(Equal(qtls.QUICEncryptionLevelInitial))
-		Expect(ToTLSEncryptionLevel(protocol.EncryptionHandshake)).To(Equal(qtls.QUICEncryptionLevelHandshake))
-		Expect(ToTLSEncryptionLevel(protocol.Encryption1RTT)).To(Equal(qtls.QUICEncryptionLevelApplication))
-		Expect(ToTLSEncryptionLevel(protocol.Encryption0RTT)).To(Equal(qtls.QUICEncryptionLevelEarly))
-	})
-
-	It("converts from qtls.EncryptionLevel", func() {
-		Expect(FromTLSEncryptionLevel(qtls.QUICEncryptionLevelInitial)).To(Equal(protocol.EncryptionInitial))
-		Expect(FromTLSEncryptionLevel(qtls.QUICEncryptionLevelHandshake)).To(Equal(protocol.EncryptionHandshake))
-		Expect(FromTLSEncryptionLevel(qtls.QUICEncryptionLevelApplication)).To(Equal(protocol.Encryption1RTT))
-		Expect(FromTLSEncryptionLevel(qtls.QUICEncryptionLevelEarly)).To(Equal(protocol.Encryption0RTT))
-	})
-})

internal/qtls/go_oldversion.go

@@ -1,5 +0,0 @@
-//go:build !go1.20
-
-package qtls
-
-var _ int = "The version of quic-go you're using can't be built using outdated Go versions. For more details, please see https://github.com/quic-go/quic-go/wiki/quic-go-and-Go-versions."

internal/qtls/qtls.go

@@ -1,5 +1,3 @@
-//go:build go1.21
-
 package qtls
 
 import (
@@ -11,13 +9,7 @@ import (
 )
 
 type (
-	QUICConn                 = tls.QUICConn
-	QUICConfig               = tls.QUICConfig
-	QUICEvent                = tls.QUICEvent
-	QUICEventKind            = tls.QUICEventKind
-	QUICEncryptionLevel      = tls.QUICEncryptionLevel
-	QUICSessionTicketOptions = tls.QUICSessionTicketOptions
-	AlertError               = tls.AlertError
+	QUICEncryptionLevel = tls.QUICEncryptionLevel
 )
 
 const (
@@ -27,21 +19,7 @@ const (
 	QUICEncryptionLevelApplication = tls.QUICEncryptionLevelApplication
 )
 
-const (
-	QUICNoEvent                     = tls.QUICNoEvent
-	QUICSetReadSecret               = tls.QUICSetReadSecret
-	QUICSetWriteSecret              = tls.QUICSetWriteSecret
-	QUICWriteData                   = tls.QUICWriteData
-	QUICTransportParameters         = tls.QUICTransportParameters
-	QUICTransportParametersRequired = tls.QUICTransportParametersRequired
-	QUICRejectedEarlyData           = tls.QUICRejectedEarlyData
-	QUICHandshakeDone               = tls.QUICHandshakeDone
-)
-
-func QUICServer(config *QUICConfig) *QUICConn { return tls.QUICServer(config) }
-func QUICClient(config *QUICConfig) *QUICConn { return tls.QUICClient(config) }
-
-func SetupConfigForServer(qconf *QUICConfig, _ bool, getData func() []byte, handleSessionTicket func([]byte, bool) bool) {
+func SetupConfigForServer(qconf *tls.QUICConfig, _ bool, getData func() []byte, handleSessionTicket func([]byte, bool) bool) {
 	conf := qconf.TLSConfig
 
 	// Workaround for https://github.com/golang/go/issues/60506.
@@ -94,7 +72,7 @@ func SetupConfigForServer(qconf *QUICConfig, _ bool, getData func() []byte, hand
 }
 
 func SetupConfigForClient(
-	qconf *QUICConfig,
+	qconf *tls.QUICConfig,
 	getData func(earlyData bool) []byte,
 	setData func(data []byte, earlyData bool) (allowEarlyData bool),
 ) {
@@ -155,9 +133,3 @@ func findExtraData(extras [][]byte) []byte {
 	}
 	return nil
 }
-
-func SendSessionTicket(c *QUICConn, allow0RTT bool) error {
-	return c.SendSessionTicket(tls.QUICSessionTicketOptions{
-		EarlyData: allow0RTT,
-	})
-}

internal/qtls/qtls_test.go

@@ -1,5 +1,3 @@
-//go:build go1.21
-
 package qtls
 
 import (
@@ -29,14 +27,14 @@ var _ = Describe("Go 1.21", func() {
 	Context("setting up a tls.Config for the client", func() {
 		It("sets up a session cache if there's one present on the config", func() {
 			csc := tls.NewLRUClientSessionCache(1)
-			conf := &QUICConfig{TLSConfig: &tls.Config{ClientSessionCache: csc}}
+			conf := &tls.QUICConfig{TLSConfig: &tls.Config{ClientSessionCache: csc}}
 			SetupConfigForClient(conf, nil, nil)
 			Expect(conf.TLSConfig.ClientSessionCache).ToNot(BeNil())
 			Expect(conf.TLSConfig.ClientSessionCache).ToNot(Equal(csc))
 		})
 
 		It("doesn't set up a session cache if there's none present on the config", func() {
-			conf := &QUICConfig{TLSConfig: &tls.Config{}}
+			conf := &tls.QUICConfig{TLSConfig: &tls.Config{}}
 			SetupConfigForClient(conf, nil, nil)
 			Expect(conf.TLSConfig.ClientSessionCache).To(BeNil())
 		})
@@ -45,7 +43,7 @@ var _ = Describe("Go 1.21", func() {
 	Context("setting up a tls.Config for the server", func() {
 		It("sets the minimum TLS version to TLS 1.3", func() {
 			orig := &tls.Config{MinVersion: tls.VersionTLS12}
-			conf := &QUICConfig{TLSConfig: orig}
+			conf := &tls.QUICConfig{TLSConfig: orig}
 			SetupConfigForServer(conf, false, nil, nil)
 			Expect(conf.TLSConfig.MinVersion).To(BeEquivalentTo(tls.VersionTLS13))
 			// check that the original config wasn't modified