1. The problem I’m having:
The server is responding for TLS 1 and 1.1, and I’m not sure how. I need it not to do that, and I have edited the Apache configuration on the server hosting the site and the Let’s Encrypt options file. It is reverse proxied through Caddy, and Caddy handles the cert for the site. If Caddy 2 doesn’t support TLS v1.1, how is it responding to those requests? The site is a Nextcloud instance running on Ubuntu 22.04 LTS and is a separate server.
openssl returns this for tlsv1.1:
```
CONNECTED(00000003)
80926C856F7F0000:error:0A0000BF:SSL routines:tls_setup_handshake:no protocols available:ssl/statem/statem_lib.c:154:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
```
ssl3 returns this:
```
s_client: Unknown option: -ssl3
s_client: Use -help for summary.
```
2. Error messages and/or full log output:
There isn't an error
3. Caddy version:
2.10.0
4. How I installed and ran Caddy:
a. System environment:
b. Command:
c. Service/unit/compose file:
d. My complete Caddy config: