Skip to content

MewoLab/caddy-oldtls

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2,606 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

A caddy fork that allow you to enable legacy/insecure TLS ciphersuites, for backward compatibility with legacy systems.

Warning

Caddy is aparently too modern to even allow the option to enable backward compatibility with older systems... 🥹
So... think again if you were considering migrating to caddy

image

How to use (in docker)

Dockerfile:

FROM caddy:builder AS builder
RUN xcaddy build \
    --with github.com/mholt/caddy-l4 \
    --with github.com/caddyserver/caddy/v2=github.com/MewoLab/caddy-oldtls/v2@master

FROM caddy:alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

compose.yml:

services:
  caddy:
    build: .
    restart: unless-stopped
    environment:
      - GODEBUG=tlsrsakex=1
      - CADDY_TLS_ALLOW_INSECURE_CIPHER_SUITES=1
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./etc/caddy:/etc/caddy
      - ./data:/data
      - ./config:/config

etc/caddy/CaddyFile:

{
    debug
    default_sni example.com
}

https://example.com {
    tls {
        key_type rsa2048
        ciphers TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA
    }

	respond 200 "OK"
}

then:

docker compose up -d

About

Caddy with old ciphersuite support

Resources

License

Contributing

Security policy

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Go 98.1%
  • HTML 1.9%