caddy: Can't connect from IE11/Win7 because CBC cipher is removed from default ciphers

First of all, I can’t explain well in English because I’m Japanese. If you can’t understand this issue,please close this issue. Very sorry.

1. Which version of Caddy are you using (caddy -version)?

0.11.4 with 72d0debde6bf01b5fdce0a4f3dc2b35cba28241a

2. What are you trying to do?

Do SSL Server Test https://www.ssllabs.com/ssltest/index.html

3. What is your Caddyfile?

mydomain {
        proxy / https://localhost:5001 {
                insecure_skip_verify
        }
        gzip
        tls email
}

4. How did you run Caddy (give the full command and describe the execution environment)?

systemctl start Caddy.service by hook.service plugin

5. Please paste any relevant HTTP request(s) here.

request from https://www.ssllabs.com/ssltest/index.html or request from IE11/Win7 direct

6. What did you expect to see?

Can be connect from IE11/Win7. IE11/Win7 is not modern,but still supportted. I think should be able to connect.

7. What did you see instead (give full error messages and/or log)?

SSL Test result is below image image maybe can’t connect IE11/Win7 etc

when without 72d0debde6bf01b5fdce0a4f3dc2b35cba28241a image

8. Why is this a bug, and how do you think this should be fixed?

removed cbc cipher from default ciphers in 72d0debde6bf01b5fdce0a4f3dc2b35cba28241a

Win7 is not support default ciphers in 72d0debde6bf01b5fdce0a4f3dc2b35cba28241a https://docs.microsoft.com/en-us/windows/desktop/secauthn/tls-cipher-suites-in-windows-7

I think In TLS1.3,CBC cipher should be remove, but when connect with TLS1.2, CBC cipher enable.

9. What are you doing to work around the problem in the meantime?

downgrade to 0.11.4 without 72d0debde6bf01b5fdce0a4f3dc2b35cba28241a

10. Please link to any related issues, pull requests, and/or discussion.

Bonus: What do you use Caddy for? Why did you choose Caddy?

I’m using in my website https://ja-fleet.noobow.me/ (Information site of Japanese aircraft) As a reverse proxy.backend is ASP.net Core. Reason of choose caddy,easy config very secure.

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 26 (5 by maintainers)

Most upvoted comments

so as mholt fixed it. future releases (or just self compiling master) should run this fix fine.

that way we won’t need to actively weaken the crypto for IE11.

+3
My1 on Apr 1, 2019

okay. after searching in caddy to no end yesterday, I pulled up Agent Ransack today just to note that Certmagic was the one at fault here -> mholt/certmagic#37

I successfully compiled caddy using the fix

here is a compiled exe, along with a caddyfile that was used but removed any domains.

caddy.zip

+3
My1 on Apr 1, 2019

by the way might it be a good idea to make EC certs the default already? I mean at least on Windows you have to go back to XP for not being able to use EC certs (and that is only if you are on IE, use firefox and you can go for EC as far as I remember), and as confirmed by @midzer already, with EC certs we can both keep CBC chipers FAR away from our setup as well as still have IE support, on top EC usually means less overhead.

sounds like a great deal to me…

by the way according to GlobalSign ECC is available from Browsers (all except FF need an ECC compatible OS) IE7 Safari 4 Firefox 2 Chrome

OS: Vista Mac 10.6 Android 4

while they don’t have iOS listed I wouldnt worry about those too much to be honest.

+3
My1 on Mar 27, 2019

Thank you,I understood.

They’ll need to be upgraded to support secure,

I think so too,strongly.

I will continue use caddy. I think caddy is the best web server.

+3
noobow34 on Mar 2, 2019

Enabling all cipher suites is just one line:

Thanks. My sites are accessible again now.

It’s not the number of lines, it’s knowing what to put in them. Crypto is hard, and caddy made it something I didn’t have to think about because it Just Worked. It doesn’t Just Work any more because it no longer supports a browser that is regrettably still popular.

But your configuration is weaker this way.

OTOH, it works for everyone.

It’s time for clients to upgrade to secure protocols and cipher suites that have been in use for a decade.

I agree, but until they do, those of us running webservers have to suck it up.

+2
deanishe on Mar 29, 2019

I have found something very intresting when looking at a the list of caddyseerver.com’s current algos and IE11’s algos, which perhaps might be a breakthrough in this.

but intrestingly, if caddyserver.com plays TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 on an obviously RSA cert

wouldnt this become TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 on an EC cert which actually is in the supported list?

if yes this could be a major breakthrough on this.

+2
My1 on Mar 5, 2019

@My1 Yes, I think you are right, it is probably time to switch to EC certificates as the default. Will try to do that before 1.0. (Pull request, anyone?)

+1
mholt on Mar 30, 2019

@deanishe

Caddy’s main selling point (for me, at least) is its zero-hassle handling of HTTPS.

Dropping support for a browser with ~10% market share takes the “zero” right out of the “zero hassle”.

The feature focus from Caddy’s perspective is “Secure by Default”, not necessarily “zero-hassle”.

10% market share is disappointing to have to drop by default, but the argument is that without dropping it, Caddy would be less “Secure by Default”. This is a question of “opt-in insecurity” vs. “opt-in security”, and given Caddy’s focus, the answer is pretty obvious.

So now I have to set up TLS by hand, but unlike with nginx/apache, there’s not much information out there on how to do that.

This is worded like there’s an issue with information availability, but I think the problem you have is actually information prevalence, because what you want is available - the configuration is well documented and published on the official website. Specific examples are given, including on request in this thread.

Yes, you’re more likely to find the exact, specific answer you’re looking for with a quick Google of a simple search term + “nginx”/“apache”. So many people use those servers and many ask the same common questions on many different forums across the internet. We can’t really replicate that.

IE11 is far too popular a browser for any webserver with aspirations to not support it, imo.

Caddy does support IE11. You just need to configure it away from the secure defaults.

That’s not to say we can’t make it simple and easy to do, though. Nobody’s going to argue that serving IE11 clients isn’t a legitimate use case any more. So the idea of a shorthand for compatibility - given the market share of this particular client - makes sense to me as a feature request. And, yeah, Caddy probably should be designed to retrieve new certs when you change the key type…

+1
whitestrake on Mar 27, 2019

@mholt should it be considered an issue that caddy doesnt get new certs when you change the key type?

+1
My1 on Mar 26, 2019

sure but at least from what I saw regarding supported ciphers and a quick test from SSLLabs current caddy should play nice with IE11 on standard settings provided you have an EC cert (sure, knocks anything older than vista out but better than knocking IE out as a whole)

but even then I would be in favor of a doc note which mentions a good way to throw IE11 in without blowing up security completely.

+1
My1 on Mar 18, 2019
Read more comments on GitHub
← caddy: Can't access object created in markdown front matter
caddy: Can't server any PHP content →