Caddy 0.11.5 - TLS issues on IE11?


(Magikstm) #1

Latest changes make main site and forum not usable on IE11.

Is it:

  • Because the minimum protocol version has been pushed to tls1.3?
  • Because the default protocol min and max versions don’t work on IE11?

IE11 is still supported and used on Windows 7, Windows 8.1 and Windows 10.

These users don’t get a chance to fix the issue and become a lost user or customer.


(Matthew Fay) #2

See relevant threads at GitHub:


(Magikstm) #3

Max version has been pushed to TLS 1.3, but according to the docs and according to the code I believe IE11 on Windows 7 x64 should be able to use TLS 1.2 with Caddy 0.11.5.

It doesn’t seem to work correctly for these sites.


(Matthew Fay) #4

I don’t believe it’s related to TLS version itself, but rather to the cipher suite selection.


(Magikstm) #5

> I don’t believe it’s related to TLS version itself, but rather to the cipher suite selection.

Hmm. Maybe.

I tried to validate ciphers available in Caddy compared to the ones I have in IE11.

According to this website: https://www.ssllabs.com/ssltest/viewMyClient.html

IE11 on my Windows 7 x64 machine supports these:

TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ( 0xc028 ) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ( 0xc027 ) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ( 0xc014 ) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ( 0xc013 ) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ( 0x9f ) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ( 0x9e ) Forward Secrecy 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA ( 0x39 ) Forward Secrecy 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA ( 0x33 ) Forward Secrecy 128
TLS_RSA_WITH_AES_256_GCM_SHA384 ( 0x9d ) WEAK 256
TLS_RSA_WITH_AES_128_GCM_SHA256 ( 0x9c ) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA256 ( 0x3d ) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA256 ( 0x3c ) WEAK 128
TLS_RSA_WITH_AES_256_CBC_SHA ( 0x35 ) WEAK 256
TLS_RSA_WITH_AES_128_CBC_SHA ( 0x2f ) WEAK 128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ( 0xc02c ) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ( 0xc02b ) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ( 0xc024 ) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ( 0xc023 ) Forward Secrecy 128
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ( 0xc00a ) Forward Secrecy 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ( 0xc009 ) Forward Secrecy 128
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 ( 0x6a ) Forward Secrecy2 256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 ( 0x40 ) Forward Secrecy2 128
TLS_DHE_DSS_WITH_AES_256_CBC_SHA ( 0x38 ) Forward Secrecy2 256
TLS_DHE_DSS_WITH_AES_128_CBC_SHA ( 0x32 ) Forward Secrecy2 128
TLS_RSA_WITH_3DES_EDE_CBC_SHA ( 0xa ) WEAK 112
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA ( 0x13 ) WEAK 112
Server Name Indication (SNI) Yes
Secure Renegotiation Yes
TLS compression No
Session tickets No
OCSP stapling Yes
Signature algorithms SHA512/RSA, SHA512/ECDSA, SHA256/RSA, SHA384/RSA, SHA1/RSA, SHA256/ECDSA, SHA384/ECDSA, SHA1/ECDSA, SHA1/DSA
Named Groups secp256r1, secp384r1
Next Protocol Negotiation No
Application Layer Protocol Negotiation No
SSL 2 handshake compatibility No

(Matthew Fay) #6

To compare, here’s an SSL labs test of caddyserver.com that appears to list the ciphers it uses:

https://www.ssllabs.com/ssltest/analyze.html?d=caddyserver.com&s=138.68.240.78#suitesHeading


(Magikstm) #7

@Whitestrake thanks for the last link.

My IE11 doesn’t have any of the 3 listed ciphers.

The website lists issues for IE 11 / Win 7 as well.


(Matthew Fay) #8

Yeah. In the GitHub links above, they do a similar test (not on caddyserver.com, but on another site served by the latest Caddy) with similar results, I believe.


(Matt Holt) #9

We removed the last of the known-weak ciphers from Caddy’s default cipher suite selection. I have no interest in re-adding them personally, but you are welcome to in your own configurations to support broken and unsupported clients. Just note that cipher suite selection is not customizable in TLS 1.3.


(My1) #10

But interestingly, if caddyserver.com plays
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
on an obviously RSA cert

wouldn’t this become
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
on an EC cert
which actually is in the supported list?

I think this could be interesting. I am probably going to compile the newest version of Caddy myself and try some stuff later.


(My1) #11

Quick update: I got it to work, at least on 8.1 (don’t have 7 to test).

https://domain.tld/ {
  tls {
    protocols tls1.2 tls1.3
    key_type p384
  }
  # whatever you need
}
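
Added example, not part of any post and not Caddy's own code: a Go program that runs a real TLS 1.2 handshake between a client restricted to suites from the IE11 list in post #5 and a server allowed only ECDHE AES-GCM suites, once with an RSA certificate and once with a P-384 certificate as `key_type p384` requests in post #11. The server suite list, the throwaway self-signed certificates and the helper names are assumptions made for the illustration, and it models cipher suite overlap only, not the rest of IE11's TLS stack.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Client offer: suites from the IE11 / Windows 7 list in post #5 that Go's crypto/tls implements.
var ie11Suites = []uint16{
	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	tls.TLS_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
}

// Assumed server policy (constructed, not read from Caddy's source): ECDHE with AES-GCM only.
var serverSuites = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
}

// negotiate handshakes over an in-memory pipe with a self-signed cert for key; returns the suite name.
func negotiate(key crypto.Signer) (string, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return "", err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	c, s := net.Pipe()
	defer func() { c.Close(); s.Close() }()
	go tls.Server(s, &tls.Config{Certificates: []tls.Certificate{cert}, CipherSuites: serverSuites}).Handshake()
	cli := tls.Client(c, &tls.Config{InsecureSkipVerify: true, MaxVersion: tls.VersionTLS12, CipherSuites: ie11Suites})
	if err := cli.Handshake(); err != nil {
		return "", err // no suite usable by both sides with this certificate type
	}
	return tls.CipherSuiteName(cli.ConnectionState().CipherSuite), nil
}
func rsaKey() crypto.Signer   { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }
func ecdsaKey() crypto.Signer { k, _ := ecdsa.GenerateKey(elliptic.P384(), rand.Reader); return k }

func main() { fmt.Println(negotiate(rsaKey())); fmt.Println(negotiate(ecdsaKey())) }
```

With the RSA key the client gets a handshake failure, because every ECDHE_RSA suite it offers is CBC-based; with the P-384 key the two sides agree on one of the TLS_ECDHE_ECDSA AES-GCM suites.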