Caddy Equivalent of ssl_dhparam on nginx

I recently switched from nginx to caddy and I’ve run into a bit of an issue.

Caddy uses 1024-bit keys for Diffie-Hellman exchanges. On nginx I just bumped that up to 2048 with the ssl_dhparam directive. However, when looking through the docs I found no equivalent. So am I missing something, or has this feature or its equivalent just not been added?

I suppose this is a bit nit-picky anyways for it being a test server, but practice makes perfect?

For reference, this is where I am getting this information: https://www.htbridge.com/ssl/?id=tzdaQHF4

That’s strange, because caddyserver.com gets an A+ on the same report, and I haven’t changed the TLS configuration at all: https://www.htbridge.com/ssl/?id=T9puALOB

Are you sure there’s nothing in front of your Caddy instance?

There shouldn’t be anything in front of my server. It’s on my VPS, listening on port 80. I’m planning to use it as a reverse proxy.

Curious. I refreshed your test at https://www.htbridge.com/ssl/?id=tzdaQHF4. The result was

Key Type/Size RSA 2048 bits

with an A+ final grade. Did you make any changes to your configuration to achieve that?

I haven’t changed anything, so I’m not sure what could’ve changed. I’m just going to mark your message as the solution and move on.

1 Like

No worries, let us know if you see it happening again!

Go, the language Caddy is written in, does not know anything other than elliptic-curve Diffie-Hellman. Neither can something like ssl_dhparam be set, nor are »1024 or 2048 bits« used.
Reference: go/cipher_suites.go at release-branch.go1.9 · golang/go · GitHub

In other words, there are plain RSA suites without any perfect forward secrecy (PFS), and ECDHE_{RSA,ECDSA}. Nothing else. No EDH_{RSA,ECDSA} is implemented.

If anything like eq. 3072 bits is displayed, then the SSL check site likely means ECDHE with a 256-bit curve has been used.

1 Like
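The claim above can be checked directly against the standard library. The following program is an added example, not code from the thread or from the Caddy project: it enumerates every cipher suite that crypto/tls implements (secure and insecure), classifies each one by its key-exchange mechanism from the IANA suite name, and reports whether any finite-field DHE suite (the kind ssl_dhparam would tune) exists. It also shows the rough RSA/FFDHE-equivalent strengths for the curves Go negotiates, which is the conversion a scanner applies when it prints "3072 bits" for an ECDHE handshake with a 256-bit curve. The name-based classifier and the curve-to-bits mapping (taken from the NIST SP 800-57 strength comparisons) are this example's own assumptions, not part of the Go API.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"sort"
	"strings"
)

// KexKind classifies a TLS cipher suite by its key-exchange mechanism,
// using only the IANA name that crypto/tls reports for it.
// (Assumed classifier for this example; crypto/tls exposes no such field.)
func KexKind(name string) string {
	switch {
	case strings.Contains(name, "_ECDHE_"):
		return "ECDHE" // elliptic-curve ephemeral DH: the only PFS exchange Go offers in TLS 1.2
	case strings.Contains(name, "_DHE_") || strings.Contains(name, "_DH_"):
		return "FFDHE" // finite-field DH: what nginx's ssl_dhparam would tune
	case strings.HasPrefix(name, "TLS_RSA_"):
		return "RSA" // static RSA key transport, no forward secrecy
	case strings.HasPrefix(name, "TLS_AES_") || strings.HasPrefix(name, "TLS_CHACHA20_"):
		return "TLS13" // TLS 1.3 suites: key exchange is negotiated separately, not by suite name
	default:
		return "OTHER"
	}
}

// KexSummary counts suites per key-exchange kind across everything crypto/tls
// implements, including the suites it marks insecure.
func KexSummary() map[string]int {
	counts := map[string]int{}
	for _, s := range tls.CipherSuites() {
		counts[KexKind(s.Name)]++
	}
	for _, s := range tls.InsecureCipherSuites() {
		counts[KexKind(s.Name)]++
	}
	return counts
}

// HasFiniteFieldDHE reports whether crypto/tls offers any finite-field DHE
// suite at all. When it returns false, there is nothing a DH parameter
// setting could apply to.
func HasFiniteFieldDHE() bool {
	return KexSummary()["FFDHE"] > 0
}

// CurveEquivalentBits maps an ECDHE curve to the RSA/FFDHE modulus size of
// roughly equal security strength (NIST SP 800-57 Part 1 comparisons; the
// mapping is this example's own table). Returns 0 for an unknown curve.
func CurveEquivalentBits(c tls.CurveID) int {
	switch c {
	case tls.X25519, tls.CurveP256:
		return 3072 // ~128-bit security
	case tls.CurveP384:
		return 7680 // ~192-bit security
	case tls.CurveP521:
		return 15360 // ~256-bit security
	default:
		return 0
	}
}

func main() {
	summary := KexSummary()
	kinds := make([]string, 0, len(summary))
	for k := range summary {
		kinds = append(kinds, k)
	}
	sort.Strings(kinds)
	for _, k := range kinds {
		fmt.Printf("%-6s %d suites\n", k, summary[k])
	}
	fmt.Println("finite-field DHE available:", HasFiniteFieldDHE())

	curves := map[string]tls.CurveID{"X25519": tls.X25519, "P-256": tls.CurveP256, "P-384": tls.CurveP384}
	for name, c := range curves {
		fmt.Printf("curve %s (id %d) ~ %d-bit RSA/FFDHE\n", name, uint16(c), CurveEquivalentBits(c))
	}
}
```

Run it with `go run .` against any Go toolchain: the FFDHE count is zero, which is why no Caddy directive corresponds to ssl_dhparam, and the only knob with a comparable effect is the curve selection (Caddy exposes Go's CurvePreferences), not a modulus size.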

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.