Ubuntu 编译支持 IE 8 的 Caddy Server v2

1. 安装 Golang

rm -rf /usr/local/go
wget -c https://golang.org/dl/go1.17.8.linux-amd64.tar.gz -O - | sudo tar -xz -C /usr/local

2. 安装 XCaddy

XCaddy 是一个 Caddy 的辅助编译工具

curl -1sLf \
  'https://dl.cloudsmith.io/public/caddy/xcaddy/setup.deb.sh' \
  | sudo -E bash

apt install xcaddy

3. 下载代码

git clone https://github.com/caddyserver/caddy.git caddy-mod

4. 修改代码,启用对 TLS 1.0 / 1.1 的支持

---
 modules/caddytls/values.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/caddytls/values.go b/modules/caddytls/values.go
index 4e8c1adc..91cfd0f5 100644
--- a/modules/caddytls/values.go
+++ b/modules/caddytls/values.go
@@ -115,6 +115,8 @@ var defaultCurves = []tls.CurveID{
 
 // SupportedProtocols is a map of supported protocols.
 var SupportedProtocols = map[string]uint16{
+	"tls1.0": tls.VersionTLS10,
+	"tls1.1": tls.VersionTLS11,
 	"tls1.2": tls.VersionTLS12,
 	"tls1.3": tls.VersionTLS13,
 }
@@ -124,8 +126,6 @@ var SupportedProtocols = map[string]uint16{
 var unsupportedProtocols = map[string]uint16{
 	//nolint:staticcheck
 	"ssl3.0": tls.VersionSSL30,
-	"tls1.0": tls.VersionTLS10,
-	"tls1.1": tls.VersionTLS11,
 }
 
 // publicKeyAlgorithms is the map of supported public key algorithms.
-- 

5. 编译 Caddy

xcaddy build \
  --with github.com/caddyserver/caddy/v2=./caddy-mod/

6. 修改 Caddy 配置文件,启用算法支持

tls {
  protocols tls1.0 tls1.3
  ciphers TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA
}

ssllabs.com 测试算法支持情况:

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注