Specify TLSv1.3 Cipher Suites

1. Caddy version (caddy version):

v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=

2. How I run Caddy:

a. System environment:

OS: Debian bullseye amd64
Kernel: 5.10.0-7

b. Command:

Use systemd to start caddy.

c. Service/unit/compose file:

This is the systemd service file.

[Unit]
Description=caddy
After=network-online.target
[Service]
ExecStart=/usr/bin/caddy run --config /path/to/Caddyfile
[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

Since the question is only related to TLS, I have hidden the domain.

example.com
root * /path/to/html
tls /path/to/cert.crt /path/to/priv.key {
	protocols tls1.3
	curves x25519
}
file_server

3. The problem I’m having:

In the documentation, it says cipher suites are not customizable for TLS 1.3. I wonder whether there is a way to specify TLSv1.3 cipher suites for Caddy, for example to specify that only TLS_AES_128_GCM_SHA256 is accepted. When using Apache and Nginx, which are based on OpenSSL, you can specify TLSv1.3 cipher suites by changing the OpenSSL config /usr/lib/ssl/openssl.cnf. I want to know if there is also a similar way to do that in Caddy.

4. Error messages and/or full log output:

5. What I already tried:

I tried changing the OpenSSL config, but of course it doesn't work, since Caddy uses Go's TLS.

6. Links to relevant resources:

No. Cipher suites for TLS 1.3 are set in stone. We use Go’s stdlib for TLS facilities, and it doesn’t allow configuring cipher suites, because from a security perspective, it’s a risk to allow users to potentially shoot themselves in the foot.
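As an added illustration of the answer above (this is not part of the thread and not Caddy's own code), the following Go program uses only the standard library's crypto/tls, the same stack Caddy builds on, to show two things: the TLS 1.3 suites compiled into crypto/tls, and a complete TLS 1.3 handshake in which both sides set a `CipherSuites` list naming only TLS_AES_128_GCM_SHA256, mirroring the `protocols tls1.3` / `curves x25519` settings from the Caddyfile. The negotiated suite is whichever of Go's fixed TLS 1.3 suites the library prefers on that machine; the `CipherSuites` field is consulted only for TLS 1.2 and below. The handshake runs over an in-memory `net.Pipe` with a self-signed certificate generated at runtime (constructed demo material), and the function names `TLS13SuiteNames`, `DemoHandshake` and `handshake` are this example's own, not library or Caddy APIs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// TLS13SuiteNames returns the cipher suites crypto/tls can use for TLS 1.3.
// The list is baked into the library and is identical for every tls.Config.
func TLS13SuiteNames() []string {
	var names []string
	for _, s := range tls.CipherSuites() {
		for _, v := range s.SupportedVersions {
			if v == tls.VersionTLS13 {
				names = append(names, s.Name)
				break
			}
		}
	}
	return names
}

// selfSignedCert generates a throwaway ECDSA P-256 certificate for "localhost".
// Constructed demo material only; a real deployment uses a CA-issued cert.
func selfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "localhost"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		DNSNames:              []string{"localhost"},
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	parsed, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, parsed, nil
}

// handshake runs one TLS handshake over an in-memory pipe and reports the
// cipher suite name and protocol version the server actually negotiated.
func handshake(serverCfg, clientCfg *tls.Config) (string, uint16, error) {
	serverSide, clientSide := net.Pipe()
	defer clientSide.Close() // closing the raw pipe end unblocks the peer on any error path

	type result struct {
		state tls.ConnectionState
		err   error
	}
	done := make(chan result, 1)
	go func() {
		defer serverSide.Close()
		srv := tls.Server(serverSide, serverCfg)
		if err := srv.Handshake(); err != nil {
			done <- result{err: err}
			return
		}
		done <- result{state: srv.ConnectionState()}
	}()

	cli := tls.Client(clientSide, clientCfg)
	if err := cli.Handshake(); err != nil {
		return "", 0, fmt.Errorf("client handshake: %w", err)
	}
	r := <-done
	if r.err != nil {
		return "", 0, fmt.Errorf("server handshake: %w", r.err)
	}
	return tls.CipherSuiteName(r.state.CipherSuite), r.state.Version, nil
}

// DemoHandshake configures the server like the Caddyfile above (TLS 1.3 only,
// X25519), asks for a single suite on both sides, and returns what was negotiated.
func DemoHandshake() (string, uint16, error) {
	cert, parsed, err := selfSignedCert()
	if err != nil {
		return "", 0, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(parsed) // trust only our own demo cert; no InsecureSkipVerify needed

	serverCfg := &tls.Config{
		Certificates:     []tls.Certificate{cert},
		MinVersion:       tls.VersionTLS13,
		CurvePreferences: []tls.CurveID{tls.X25519},
		// CipherSuites governs TLS 1.0-1.2 only. Naming a TLS 1.3 suite here
		// does not restrict a 1.3 handshake; crypto/tls ignores it for 1.3.
		CipherSuites: []uint16{tls.TLS_AES_128_GCM_SHA256},
		// Keeps NewSessionTicket records out of the server's first flight so the
		// synchronous net.Pipe exchange cannot stall (demo-only setting).
		SessionTicketsDisabled: true,
	}
	clientCfg := &tls.Config{
		RootCAs:      roots,
		ServerName:   "localhost",
		MinVersion:   tls.VersionTLS13,
		CipherSuites: []uint16{tls.TLS_AES_128_GCM_SHA256}, // likewise ignored for 1.3
	}
	return handshake(serverCfg, clientCfg)
}

func main() {
	fmt.Println("TLS 1.3 suites compiled into crypto/tls:", TLS13SuiteNames())
	name, ver, err := DemoHandshake()
	if err != nil {
		fmt.Println("handshake failed:", err)
		return
	}
	fmt.Printf("negotiated version 0x%04x, suite %s\n", ver, name)
}
```

Run it with `go run .`; on a CPU with AES hardware support the negotiated suite is normally TLS_AES_128_GCM_SHA256 and otherwise TLS_CHACHA20_POLY1305_SHA256, chosen by the library's own preference logic rather than by the `CipherSuites` lists. The practical consequence for a Caddy operator is that the three TLS 1.3 suites are all AEAD constructions with forward-secret key exchange, so the restriction the question asks for buys no security margin; what you can still pin down, as the Caddyfile already does, is the protocol version and the key-exchange curve.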
