TLS version parameters

marcoslater · August 5, 2016, 10:20am

Hi!

Out of personal interest and just general “why not”, I try to keep my site to hit the highest scores on ssllabs.

So far caddy has been quite good at that, even on its own.

In the latest release “Caddy 0.9.0” I’ve noticed some issues with some of my directives, mainly that tls protocols directives are no longer honoured.

In my configuration for caddy I have the following parameters for the TLS directive, bear in mind these were working fine in the previous version (sub 0.9.0) and from what I understand from the docs, they have not changed in syntax.
tls { key_type p384 protocols tls1.2 tls1.2 }
In theory, this should force TLS 1.2, and no other protocols.

Unfortunately, however, ssllabs and a few other sites and browsers I tested with seem to report otherwise:

This is a bit of a bummer.

Perhaps something has changed in the way the directive is handled, that I may not be aware of?

Please let me know if you need any more info.

Thank you. :)

matt · August 5, 2016, 2:35pm

This is a known issue in 0.9 and is already fixed on master, and will go out with the next release.

marcoslater · August 5, 2016, 2:48pm

I was not aware. Thanks for informing me.

Is there a set date for the next release, or is it just whenever X is done?

matt · August 5, 2016, 3:55pm

Good question… I’m looking at soon after the Go 1.7 release, so that Caddy 0.9.1 can be built on Go 1.7. And I want to close up the lingering pull requests. Some of them are rather tricky.

system · November 3, 2016, 3:55pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.