Closed bokub closed 4 years ago
I think Caddy's cipher suites should now match the `go` ones, correct?
Also, you should be able to support both Caddy v1 and Caddy v2 by using the `minver` macro and an `if`/`else` statement. :)
> I think Caddy's cipher suites should now match the `go` ones, correct?

The following ciphers from `go` are not supported by Caddy:

- `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305` (but there is `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` instead)
- `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305` (but there is `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256` instead)
- `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`
- `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`
- `TLS_RSA_WITH_AES_128_CBC_SHA256`

> you should be able to support both Caddy v1 and Caddy v2 by using the `minver` macro and an `if/else` statement.

All right, I will do if v1: <hardcoded ciphers>; else <ciphers from JSON>
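
The five names in the comment above can be checked against Go's own `crypto/tls` tables. This is an added example, not code from the pull request or from Caddy; it assumes Go 1.14 or later, and the helpers `legacyGoNames`, `lookup` and `IANAName` are illustrative names. It resolves each spelling to its code point, prints the IANA-registered name, and reports whether Go itself files the suite under `InsecureCipherSuites()`.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Added example; helper names are illustrative. The short spellings quoted in the
// thread are Go constants with the same value as the *_SHA256 IANA spellings.
var legacyGoNames = map[string]uint16{
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305":   tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
}

// lookup resolves either spelling to its code point and reports whether Go
// files the suite under InsecureCipherSuites().
func lookup(name string) (id uint16, insecure, ok bool) {
	if id, ok = legacyGoNames[name]; ok {
		return id, false, true
	}
	for i, list := range [][]*tls.CipherSuite{tls.CipherSuites(), tls.InsecureCipherSuites()} {
		for _, cs := range list {
			if cs.Name == name {
				return cs.ID, i == 1, true
			}
		}
	}
	return 0, false, false
}

// IANAName returns the registered name for a suite given in either spelling.
func IANAName(name string) (string, bool) {
	id, _, ok := lookup(name)
	if !ok {
		return "", false
	}
	return tls.CipherSuiteName(id), true
}

func main() {
	for _, n := range []string{ // the five names listed in the comment above
		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
		"TLS_RSA_WITH_AES_128_CBC_SHA256"} {
		iana, _ := IANAName(n)
		_, insecure, _ := lookup(n)
		fmt.Printf("%s -> %s (Go marks insecure: %v)\n", n, iana, insecure)
	}
}
```
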
@april I've used the `minver` macro and an `if/else` statement as you suggested :+1:
This is great, could I ask for one more favor?
Would you be willing to rebase your changes against `5.5.json` (which is the latest version) by creating a `5.6.json` with `caddy` in it? I always bump the numbers when there is a change to these files, since a lot of tools rely on them programmatically.
Thanks again, I (and @mholt) really appreciate all your hard work here!
To clarify, the new cipher names should be the same as the IANA-registered names, which I believe match Go, although the set of ciphers Caddy supports and the set of ciphers Go supports are not the same.
Maybe the better option would simply be to use the `iana` list and then have a list of ciphers that Caddy doesn't support in the configuration file instead?
@april I've added `5.6.json` and edited the symlink as requested
Here is the diff between 5.5 and 5.6
I had to fix some errors in the caddy cipher list, but it should all be up and running now. Thanks again!
Oh, awesome -- you folks are amazing! Thanks for working on that. :+1:
The cipher names have changed in Caddy v2 (v1 being deprecated now)
The full list of ciphers is available here
These are the replacements I made: