Need help with TLS

  1. How do I turn on “Session resumption (caching)”?
  2. How can I follow “HIPAA guidance”? I can’t add “RSA-AES128-GCM-SHA256”, because I get “Parse error: Wrong cipher name or cipher not supported:”, and even if RSA-3DES-EDE-CBC-SHA is added it doesn’t show up on TLSv1.1 at htbridge.
  3. How do I fix “EC_POINT_FORMAT EXTENSION: The server supports elliptic curves but not the EC_POINT_FORMAT TLS extension.”?

Hi Zewy,

Caddy uses tickets to resume, not caching. You probably don’t really want caching anyway, since typically you want the server to maintain as little state as possible, especially with security stuff. See https://blog.cloudflare.com/tls-session-resumption-full-speed-and-secure/ and Botching Forward Secrecy - The sad state of server-side TLS Session Resumption implementations. And the added complexity of maintaining a cache isn’t worth the effort to support only old, weak clients anyway.

Caddy supports ECDHE-RSA-AES128-GCM-SHA256; it’s enabled by default.

I believe Go does support this: tls package - crypto/tls - pkg.go.dev - I’m not sure why it’s saying it doesn’t…


You also get the same problem as I do on caddyserver.com at https://www.htbridge.com/ssl/ with

TLSv1.2
TLS_RSA_WITH_AES_128_GCM_SHA256

TLSv1.1
TLS_RSA_WITH_3DES_EDE_CBC_SHA

Is that something that can be fixed?

For reference, here are the results of a test of caddyserver.com completed via the above site just now:

https://www.htbridge.com/ssl/?id=712e30f9600ef61ca74dc4ebc55a9dbe5bc8a657ba92a5c5dbcb10ee8e74902f

Under the Test For Compliance With HIPAA, it complains about the above mentioned “mandatory missing ciphers” and the lack of support for EC_POINT_FORMAT, which is what it looks like @Zewy is trying to sort out.


That is what I am looking for, @Whitestrake. Does anyone know how to fix this?

Not sure why the website is claiming a lack of EC_POINT_FORMAT, but that’s down from crypto/tls, not Caddy-specific. Not sure about the ciphers either. Matt’s comment covers everything we know, I think.

Is there any way to fix this problem with AES128-GCM-SHA256 and DES-CBC3-SHA?

openssl s_client -cipher AES128-GCM-SHA256 -connect caddyserver.com:443

CONNECTED(00000003)
140106362275744:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 99 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

openssl s_client -cipher AES128-GCM-SHA256 -connect google.com:443

SSL handshake has read 4305 bytes and written 417 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-GCM-SHA256

openssl s_client -cipher DES-CBC3-SHA -connect caddyserver.com:443

CONNECTED(00000003)
139898356479904:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 99 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

openssl s_client -cipher DES-CBC3-SHA -connect google.com:443

SSL handshake has read 4313 bytes and written 425 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DES-CBC3-SHA
---

This is TLS_RSA_WITH_AES_128_GCM_SHA256 which has number 0x9c, which Caddy does not support. (You can open an issue to request it.)

Caddy doesn’t enable DES ciphers (by default, but they can be enabled if you really need them). AFAIK responsible clients won’t need these ciphers.
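To show why the openssl runs above fail against one server and succeed against another, here is an added Go example (not code from the thread or from Caddy) that reproduces the negotiation in-process with crypto/tls: the client offers a single suite and the server either shares it or answers with a handshake_failure alert. The self-signed certificate, the name test.invalid and the helper tryHandshake are constructed for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// testCert is a throwaway self-signed RSA certificate for the in-process server (constructed
// here, not a real site cert); TLS_RSA_* suites need an RSA key because it does the key exchange.
var testCert = func() tls.Certificate {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "test.invalid"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}()

// tryHandshake is the in-process equivalent of "openssl s_client -cipher X": the client offers
// only clientSuite, the server accepts only serverSuites. It returns the negotiated suite (0 if
// none) and the client-side error. Both sides pin TLS 1.2: TLS 1.3 suites are fixed in Go.
func tryHandshake(serverSuites []uint16, clientSuite uint16) (uint16, error) {
	srvConn, cliConn := net.Pipe()
	defer cliConn.Close()
	go func() {
		// With no suite in common the server sends a handshake_failure alert,
		// the same "sslv3 alert handshake failure" that openssl printed above.
		tls.Server(srvConn, &tls.Config{Certificates: []tls.Certificate{testCert},
			CipherSuites: serverSuites, MaxVersion: tls.VersionTLS12}).Handshake()
		srvConn.Close()
	}()
	c := tls.Client(cliConn, &tls.Config{CipherSuites: []uint16{clientSuite},
		MaxVersion: tls.VersionTLS12, InsecureSkipVerify: true}) // self-signed test cert; harness only
	if err := c.Handshake(); err != nil {
		return 0, err
	}
	return c.ConnectionState().CipherSuite, nil
}
```

With an ECDHE-only server list (the shape of Caddy's defaults) a client offering only TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) fails exactly as the caddyserver.com run did, and putting 0x9c or TLS_RSA_WITH_3DES_EDE_CBC_SHA into the server list is what makes those two handshakes succeed.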

How do I add it as an extra to the default ones?

You can specify the list of ciphers you want, with the tls directive (that page has the list of cipher suites you can use) – specifically its ciphers subdirective. But why do you want DES ciphers?

I still have some customers that refuse to drop Windows XP…

I checked the TLS page; is it “RSA-3DES-EDE-CBC-SHA” that is TLS_RSA_WITH_3DES_EDE_CBC_SHA (openssl s_client -cipher DES-CBC3-SHA)?

Sorry to go off topic, but wow! Are they shelling out $$$ to Microsoft for security patches or just leaving them vulnerable? Damn.
