Hi!
Out of personal interest and just general “why not”, I try to keep my site to hit the highest scores on ssllabs.
So far caddy has been quite good at that, even on its own.
In the latest release “Caddy 0.9.0” I’ve noticed some issues with some of my directives, mainly that tls protocols directives are no longer honoured.
In my configuration for caddy I have the following parameters for the TLS directive, bear in mind these were working fine in the previous version (sub 0.9.0) and from what I understand from the docs, they have not changed in syntax.
tls { key_type p384 protocols tls1.2 tls1.2 }
In theory, this should force TLS 1.2, and no other protocols.
Unfortunately, however, ssllabs and a few other sites and browsers I tested with seem to report otherwise:
This is a bit of a bummer.
Perhaps something has changed in the way the directive is handled, that I may not be aware of?
Please let me know if you need any more info.
Thank you. :)