I would like to increase the Let's Encrypt key size. The default is 2048, I would like to have a 4096 key. Is this possible with the Caddyfile? I've heard this is only achievable via JSON, but this would lead to the problem that it's not possible to import JSON configuration into a Caddyfile configuration :S and I really don't want to use the API or transform my Caddyfile into JSON first…
Right now I have 10% missing for key exchange and cipher strength. I could fix the key exchange with p384 I guess, but what about the cipher strength? Is there a way to only allow ciphers with at least 256-bit?
Usually you need HSTS set to a long duration to get 100%. That’s what caddyserver.com does anyway, and we have 100%.
Currently, you do not need to change any TLS/cert settings in Caddy to get 100%. Just set that header. Using p384 may be less optimal in most hardware implementations.
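For readers who want to try the HSTS suggestion above, here is an added Caddyfile example (not from this thread or the Caddy project itself) showing the header directive in Caddy v2 syntax; `example.com`, the `max-age` value and the `includeSubDomains` flag are assumptions you should adjust for your own site:

```caddyfile
# Added example, not part of the original thread.
# Site name and max-age are placeholders: start with a short max-age
# (e.g. 300) while testing, and only raise it once every subdomain
# is known to serve valid HTTPS, because browsers cache the policy.
example.com {
	# SSL Labs expects a long-lived HSTS policy (at least 6 months)
	# before it awards 100% in the "Protocol Support" category.
	header Strict-Transport-Security "max-age=15768000; includeSubDomains"

	respond "hello from Caddy" 200
}
```

Caddy keeps its default certificate key type and cipher suites here; the header alone is what the SSL Labs scoring looks for, which is the point the reply above makes. Note that once a long `max-age` has been served, clients will refuse plain HTTP for that duration even if you later remove the header, so treat `includeSubDomains` as a deliberate choice rather than a default.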
You’re right, I missed that part of what you were trying to achieve.
I’m pretty sure if we actually got 100% in everything then we’d have a lot more complaints about people not being able to connect (and for no good reason).
Caddy is capable of getting full 100% (I’ve done it before for fun, and seen others do it before too) – you just have to configure it to meet the requirements for their test.
But again, I’ll clarify for anyone finding this thread in a search result – getting 100% at SSL Labs is absolutely not necessary, and usually not recommended. (This is just for fun, I suppose.) Caddy’s defaults are modern and secure.