caddyserver / caddy

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
https://caddyserver.com
Apache License 2.0

Customize curve preferences doesn't work for me #1162

Closed Bitti09 closed 7 years ago

Bitti09 commented 7 years ago

1. What version of Caddy are you running (caddy -version)?

dev build from latest commit

2. What are you trying to do?

Customize curve preferences

3. What is your entire Caddyfile?

domain.de {
    root /var/www/domain.de
    tls {
        protocols tls1.2
        curves p256 p384 p521
    }
    header / {
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    }
    fastcgi / /run/php/php7.0-fpm.sock php
}

4. How did you run Caddy (give the full command and describe the execution environment)?

default systemd

5. What did you expect to see?

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp521r1 (eq. 15360 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp521r1 (eq. 15360 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp521r1 (eq. 15360 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp521r1 (eq. 15360 bits RSA) FS 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)

6. What did you see instead (give full error messages and/or log)?

ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA
AES256-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA
AES128-SHA

7. How can someone who is starting from scratch reproduce this behavior as minimally as possible?

elcore commented 7 years ago

Hello @Bitti09,

I am not able to reproduce your issue! I tested it on Linux (Ubuntu/Debian) and Windows 10.

Caddyfile:

domain.com {
    tls {
        ...
        curves p256 p384 p521 # that is the default, you want -- curves p521 p384 p256
    }
    ....
}

screenshot 1

Caddyfile (correct version):

domain.com {
    tls {
        ...
        curves p521 p384 p256 
    }
    ....
}

screenshot 2
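
Why the order on the `curves` line matters, as an added example (not part of the original thread, and not Caddy's or Go's own code): a simplified model in which the server takes the first curve in its configured order that the client also offers. The `curveNames` mapping, `parseCurves`, `selectCurve` and the client offer are assumptions constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// Caddyfile curve names mapped to Go curve IDs (mapping assumed for this example).
var curveNames = map[string]tls.CurveID{
	"p256": tls.CurveP256, "p384": tls.CurveP384, "p521": tls.CurveP521,
}

// parseCurves turns a "curves ..." line into an ordered preference list.
func parseCurves(line string) ([]tls.CurveID, error) {
	var out []tls.CurveID
	args := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "curves"))
	for _, name := range args {
		id, ok := curveNames[strings.ToLower(name)]
		if !ok {
			return nil, fmt.Errorf("unknown curve %q", name)
		}
		out = append(out, id)
	}
	return out, nil
}

// selectCurve models first-match server preference: the first curve in the
// server's order that the client also offered wins.
func selectCurve(server, client []tls.CurveID) (tls.CurveID, bool) {
	for _, s := range server {
		for _, c := range client {
			if s == c {
				return s, true
			}
		}
	}
	return 0, false
}

func main() {
	// Constructed client offer: all three curves, P-256 listed first.
	client := []tls.CurveID{tls.CurveP256, tls.CurveP384, tls.CurveP521}
	for _, line := range []string{"curves p256 p384 p521", "curves p521 p384 p256"} {
		server, _ := parseCurves(line)
		id, ok := selectCurve(server, client)
		fmt.Printf("%-22s -> %v (matched=%v)\n", line, id, ok)
	}
}
```

Under this model the first ordering settles on P-256 and the second on P-521 for the same client, and a client with no curve in common gets no match at all.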

mholt commented 7 years ago

@Bitti09 Can you provide clearer instructions to get the output you saw? You left question 7 blank :(