I believe that’s only for old cipher suites. Modern ciphers are secure.
- Automatic cipher suite ordering in crypto/tls - The Go Programming Language
- tls package - crypto/tls - Go Packages
- ImperialViolet - Lucky Thirteen attack on TLS CBC
- The Raccoon TLS Timing Attack and MinIO
We mention this right on our homepage:
HARDENED STACK
Caddy is proudly written in Go, and its TLS stack is powered by the robust crypto/tls package in the Go standard library, trusted by the world’s largest content distributors.
The vast majority of TLS exploits are memory bugs. See also Golang and Rustlang Memory Safety - InsanityBit
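To see which suites the "old" versus "modern" distinction above refers to (Lucky Thirteen, linked above, targets CBC-mode suites), this added example, which is not part of the original post or Caddy's code, sorts the suites `crypto/tls` knows about by name and builds a `tls.Config` limited to AEAD suites. The helper names `splitSuites` and `aeadOnlyConfig` are hypothetical.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// splitSuites sorts the TLS 1.0-1.2 suites known to crypto/tls into AEAD
// suites and legacy ones (CBC, RC4, 3DES), judged by the suite name.
func splitSuites() (aead, legacy []*tls.CipherSuite) {
	var all []*tls.CipherSuite
	all = append(all, tls.CipherSuites()...)
	all = append(all, tls.InsecureCipherSuites()...)
	for _, cs := range all {
		if len(cs.SupportedVersions) == 1 && cs.SupportedVersions[0] == tls.VersionTLS13 {
			continue // TLS 1.3 suites are AEAD-only and not configurable in Go
		}
		if strings.Contains(cs.Name, "_GCM_") || strings.Contains(cs.Name, "CHACHA20") {
			aead = append(aead, cs)
		} else {
			legacy = append(legacy, cs)
		}
	}
	return aead, legacy
}

// aeadOnlyConfig (hypothetical helper) pins TLS 1.2+ and only AEAD suites
// that crypto/tls does not flag as insecure.
func aeadOnlyConfig() *tls.Config {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	aead, _ := splitSuites()
	for _, cs := range aead {
		if !cs.Insecure {
			cfg.CipherSuites = append(cfg.CipherSuites, cs.ID)
		}
	}
	return cfg
}

func main() {
	aead, legacy := splitSuites()
	fmt.Printf("%d AEAD, %d legacy TLS<=1.2 suites\n", len(aead), len(legacy))
	for _, id := range aeadOnlyConfig().CipherSuites {
		fmt.Println("allowed:", tls.CipherSuiteName(id))
	}
}
```
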