The release notes are in CHANGES.txt, which is distributed with every Caddy download, but they are also always available on GitHub: https://github.com/mholt/caddy/releases, and for significant releases there is a blog post with information. (A quick Google search for “Caddy release notes” would bring these up too ;))
Help me out - I’m looking for an error message here. What’s the error?
This is what it gets on the log (running caddy -log /tmp/dump.txt):
2017/04/26 11:07:09 http: TLS handshake error from 18.104.22.168:58031: tls: no cipher suite supported by both client and server
2017/04/26 11:07:09 http: TLS handshake error from 22.214.171.124:58032: tls: no cipher suite supported by both client and server
2017/04/26 11:07:09 http: TLS handshake error from 126.96.36.199:58033: tls: client offered an unsupported, maximum protocol version of 301
2017/04/26 11:07:09 http: TLS handshake error from 188.8.131.52:58034: tls: client offered an unsupported, maximum protocol version of 301
Okay, so, this is an easy explanation. I didn’t catch this before in your config:
ECDHE-ECDSA-AES256-GCM-SHA384 is the only cipher suite you’re allowing, but your certificate is RSA. You can’t use a wholly elliptic cipher suite with an RSA key; while it can use EC for key exchange, the asymmetric encryption (for the signature) has to use an RSA key, so ECDSA won’t be used.
So add ECDHE-RSA-AES256-GCM-SHA384 to your cipher suite list.
This is one reason why I urge caution when adjusting the TLS configuration. The defaults are sane; I suggest sticking to them unless you’re really careful.
Because in Go 1.8 we can finally customize each site’s TLS config, rather than having to combine them all that share a listener. So it unioned cipher suites before, meaning that another site had a more generous cipher suite selection.
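The "no cipher suite supported by both client and server" failure discussed in this thread can be reproduced with Go's crypto/tls alone. The following is an added example, not code from the thread or from Caddy; the helper names rsaCert and handshake and the throwaway self-signed certificate are constructed for illustration, and TLS is capped at 1.2 because that is where certificate key type constrains the cipher suite.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// rsaCert builds a throwaway self-signed RSA certificate (constructed test data).
func rsaCert() tls.Certificate {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// handshake runs a TLS 1.2 handshake over an in-memory pipe and returns the server-side error.
func handshake(cert tls.Certificate, suites []uint16) error {
	c, s := net.Pipe()
	defer func() { c.Close(); s.Close() }()
	// The client offers Go's default suites; verification is skipped for the test cert only.
	go tls.Client(c, &tls.Config{InsecureSkipVerify: true, MaxVersion: tls.VersionTLS12}).Handshake()
	srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{cert},
		CipherSuites: suites, MaxVersion: tls.VersionTLS12})
	return srv.Handshake()
}

func main() {
	cert := rsaCert()
	ecdsaOnly := []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384}
	fmt.Println("ECDSA-only suite, RSA cert:", handshake(cert, ecdsaOnly))
	fmt.Println("with ECDHE-RSA added:", handshake(cert, append(ecdsaOnly, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)))
}
```

Running the same check against a staging listener before deploying a restricted cipher list catches this class of misconfiguration before clients do.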