1. 安装 Golang
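# Download the release tarball to a file first, so it can be verified before
# anything is unpacked as root (piping wget straight into `sudo tar` skips that).
# go1.17.8 is the version this guide pins.
# NOTE(review): a current Caddy checkout may need a newer toolchain - check the
# `go` directive in Caddy's go.mod.
wget -c https://golang.org/dl/go1.17.8.linux-amd64.tar.gz
# Compare with the SHA256 listed for this file on the Go downloads page.
# <EXPECTED_SHA256> is a placeholder, not a real digest.
# The old toolchain is removed (with sudo, like the extraction) only after the
# checksum matches, so a bad download never leaves the machine without Go.
echo "<EXPECTED_SHA256>  go1.17.8.linux-amd64.tar.gz" | sha256sum -c - \
  && sudo rm -rf /usr/local/go \
  && sudo tar -xzf go1.17.8.linux-amd64.tar.gz -C /usr/local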
2. 安装 XCaddy
XCaddy 是一个 Caddy 的辅助编译工具
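# Save the Cloudsmith repository setup script to a file instead of piping it
# straight into a root shell, so it can be read before it runs.
curl -1sLf \
  'https://dl.cloudsmith.io/public/caddy/xcaddy/setup.deb.sh' \
  -o xcaddy-setup.deb.sh
# Read what will execute as root.
# NOTE(review): it is expected to add an apt source and its signing key - confirm.
less xcaddy-setup.deb.sh
sudo -E bash xcaddy-setup.deb.sh
# Package installation needs root as well; the original line omitted sudo.
sudo apt install xcaddy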
3. 下载代码
# Clones the default branch at its current tip into ./caddy-mod.
# The patch in the next step was written against one specific revision of
# modules/caddytls/values.go, so it may not apply cleanly to a newer checkout;
# apply the two-line move by hand in that case.
git clone https://github.com/caddyserver/caddy.git caddy-mod
4. 修改代码,启用对 TLS 1.0 / 1.1 的支持(这两个版本已被 RFC 8996 正式弃用,上游 Caddy 将其列为不支持的协议;仅在必须兼容旧客户端时才启用)
---
modules/caddytls/values.go | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/caddytls/values.go b/modules/caddytls/values.go
index 4e8c1adc..91cfd0f5 100644
--- a/modules/caddytls/values.go
+++ b/modules/caddytls/values.go
@@ -115,6 +115,8 @@ var defaultCurves = []tls.CurveID{
// SupportedProtocols is a map of supported protocols.
var SupportedProtocols = map[string]uint16{
+ "tls1.0": tls.VersionTLS10,
+ "tls1.1": tls.VersionTLS11,
"tls1.2": tls.VersionTLS12,
"tls1.3": tls.VersionTLS13,
}
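Review bot: The two entries added to `SupportedProtocols` have no comment explaining why deprecated versions are back in the accepted set, so a later reader of this map cannot tell the local patch from upstream. TLS 1.0 and 1.1 were formally deprecated by RFC 8996, and once they are in this map any site block served by this binary can select them with `protocols`. I would add above the two lines `// Local patch: TLS 1.0/1.1 re-enabled for legacy clients only (deprecated by RFC 8996); opt in per site.` Whether the default minimum version is set independently of this map is not visible in the hunk and should be confirmed before deploying. The second hunk only removes the same two keys from `unsupportedProtocols`, so the same comment covers both.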
@@ -124,8 +126,6 @@ var SupportedProtocols = map[string]uint16{
var unsupportedProtocols = map[string]uint16{
//nolint:staticcheck
"ssl3.0": tls.VersionSSL30,
- "tls1.0": tls.VersionTLS10,
- "tls1.1": tls.VersionTLS11,
}
// publicKeyAlgorithms is the map of supported public key algorithms.
--
5. 编译 Caddy
# --with MODULE=PATH makes xcaddy build against the local, patched checkout in
# ./caddy-mod/ instead of fetching the upstream module.
# NOTE(review): the resulting binary carries a non-upstream TLS patch; track it
# so it is rebuilt whenever Caddy or Go ship security fixes.
xcaddy build \
--with github.com/caddyserver/caddy/v2=./caddy-mod/
6. 修改 Caddy 配置文件,设置协议版本范围和加密套件(protocols 的两个参数依次为最低版本和最高版本)
# Fragment of a site block: place it inside the site's braces in the Caddyfile.
tls {
# Minimum and maximum protocol versions, in that order. tls1.0 is accepted here
# only because of the patched build; TLS 1.1 and 1.2 fall inside the same range.
protocols tls1.0 tls1.3
# The first three names are TLS 1.3 suites; the ECDHE_RSA GCM/CHACHA20 entries
# are AEAD suites that only TLS 1.2 can negotiate. The four *_CBC_SHA entries
# are the ones TLS 1.0/1.1 clients can use. The two TLS_RSA_* suites use static
# RSA key exchange and give no forward secrecy; drop them if the legacy clients
# support ECDHE.
# NOTE(review): every pre-1.3 suite listed is RSA-authenticated, so this
# presumably expects an RSA certificate key - confirm against the site's key type.
ciphers TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA
}