I recently switched from nginx to caddy and I’ve run into a bit of an issue.
Caddy uses 1024-bit keys for Diffie-Hellman exchanges. On nginx I just bumped that up to 2048 with the ssl_dhparam directive. However, when looking through the docs I found no equivalent. So am I missing something, or has this feature or its equivalent just not been added?
I suppose this is a bit nit-picky anyways for it being a test server, but practice makes perfect?
In other words, there are plain RSA suites without any perfect forward secrecy (PFS), and ECDHE_{RSA,ECDSA}. Nothing else. Not implemented is any EDH_{RSA,ECDSA}.
If anything like "eq. 3072 bits" is displayed, then the SSL check site likely means ECDHE with a 256-bit curve has been used.
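
The reply's point can be checked against a local Go toolchain. This is an added example, not code from the thread or from Caddy; it assumes Caddy's TLS stack is Go's standard `crypto/tls` package, and the helper names `kexOf` and `suitesByKex` are made up for illustration. It groups every cipher suite the package implements by key-exchange family, so an empty DHE group means there is no finite-field DH parameter to size.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// kexOf classifies an IANA cipher suite name by its key-exchange family.
func kexOf(name string) string {
	switch {
	case strings.HasPrefix(name, "TLS_ECDHE_"):
		return "ECDHE" // ephemeral elliptic-curve DH: forward secrecy
	case strings.HasPrefix(name, "TLS_DHE_"):
		return "DHE" // finite-field DH: what ssl_dhparam sizes in nginx
	case strings.HasPrefix(name, "TLS_RSA_"):
		return "RSA" // static RSA key transport: no forward secrecy
	case strings.HasPrefix(name, "TLS_AES_"), strings.HasPrefix(name, "TLS_CHACHA20_"):
		return "TLS1.3" // key exchange is negotiated separately from the suite
	default:
		return "other"
	}
}

// suitesByKex groups the suites implemented by crypto/tls, including the
// ones the package marks as insecure, by key-exchange family.
func suitesByKex() map[string][]string {
	out := map[string][]string{}
	for _, list := range [][]*tls.CipherSuite{tls.CipherSuites(), tls.InsecureCipherSuites()} {
		for _, s := range list {
			k := kexOf(s.Name)
			out[k] = append(out[k], s.Name)
		}
	}
	return out
}

func main() {
	groups := suitesByKex()
	for _, k := range []string{"ECDHE", "RSA", "DHE", "TLS1.3", "other"} {
		fmt.Printf("%-7s %d suites\n", k, len(groups[k]))
		for _, name := range groups[k] {
			fmt.Println("    " + name)
		}
	}
}
```
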