When tls 1.3 is used, golang (and thus gorouter) will always use the cipher suites listed here, no matter what the operator provides here. So technically the operator doesn’t need to provide any tls 1.3 cipher suites.
However, currently, if an operator does provide a tls 1.3 cipher suite in openssl format, gorouter will fail. This is a bad user experience.
Even though gorouter will ignore these cipher suites and always use golang's defaults for tls 1.3 we shouldn't fail if they are provided.
Summary
When tls 1.3 is used, golang (and thus gorouter) will always use the cipher suites listed here, no matter what the operator provides here. So technically the operator doesn’t need to provide any tls 1.3 cipher suites.
However, currently, if an operator does provide a tls 1.3 cipher suite in openssl format, gorouter will fail. This is a bad user experience.
Even though gorouter will ignore these cipher suites and always use golang's defaults for tls 1.3 we shouldn't fail if they are provided.
Backward Compatibility
Breaking Change? No