caddy
tls - no renegotiation error in reverseproxy
When using Caddy as a reverse proxy to connect to a server which requires a client certificate and does TLS renegotiation, I get the following error:
{"level":"error","ts":1615198163.6781325,"logger":"http.log.error.log0","msg":"local error: tls: no renegotiation","request":{"remote_addr":"127.0.0.1:52952","proto":"HTTP/1.1","method":"POST","host":"127.0.0.1:8989","uri":"/aa/bb","headers":{"Connection":["Keep-Alive"],"User-Agent":["PHP-SOAP/version"],"Content-Type":["text/xml; charset=utf-8"],"Soapaction":["\"edited""],"Content-Length":["299"],"Accept":["text/html\\r\\n Host: edited\\r\\n User-Agent: Firefox"]}},"duration":0.456289363,"status":502,"err_id":"j8j3k3813","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:441)"}
It might be worth considering whether this should be on by default when client auth is configured. I'd like to know if there's any harm in it being on by default, and whether there are any pitfalls from a performance or security standpoint.
I'll go read the Godoc for this later today to familiarize myself with it.
See https://pkg.go.dev/crypto/tls#RenegotiationSupport
Alright, interesting. It says:
The default, none, is correct for the vast majority of applications.
So I don't think it's appropriate to change the default.
I agree. Paraphrasing the documentation in https://pkg.go.dev/crypto/tls#RenegotiationSupport:
This significantly complicates the state machine and has been the source of numerous, subtle security issues
So it's better to enable it only when it's really needed.
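The option being discussed is the crypto/tls Renegotiation field that the linked Godoc describes. The following is an added example, not code from Caddy or from anyone in this thread: it builds the upstream http.Transport a reverse proxy would use toward a server that demands a client certificate, keeping crypto/tls's default of no renegotiation unless the operator explicitly asks for "once" or "freely". The level names and the helper names (renegotiationLevel, newUpstreamTransport) are this example's own assumptions, chosen to mirror the opt-in the thread settles on; a client certificate is passed in by the caller rather than generated here.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"time"
)

// renegotiationLevel maps an operator-facing level name to the crypto/tls
// setting. The names "never", "once" and "freely" are assumptions made for
// this example; an empty name falls back to the crypto/tls default (never),
// so renegotiation is never enabled by omission.
func renegotiationLevel(name string) (tls.RenegotiationSupport, error) {
	switch name {
	case "", "never":
		// Default: any renegotiation request from the upstream fails the
		// connection with "local error: tls: no renegotiation".
		return tls.RenegotiateNever, nil
	case "once":
		// Allow exactly one server-initiated renegotiation per connection,
		// which is what an upstream that asks for the client cert after the
		// initial handshake needs. Smaller exposure than "freely".
		return tls.RenegotiateOnceAsClient, nil
	case "freely":
		// Allow repeated renegotiation; only use when "once" provably fails.
		return tls.RenegotiateFreelyAsClient, nil
	}
	return tls.RenegotiateNever, fmt.Errorf("unknown tls renegotiation level %q", name)
}

// newUpstreamTransport builds the transport a reverse proxy uses to dial an
// upstream that requires client authentication. clientCert may be nil when
// the upstream does not ask for one.
func newUpstreamTransport(clientCert *tls.Certificate, level string) (*http.Transport, error) {
	reneg, err := renegotiationLevel(level)
	if err != nil {
		return nil, err
	}
	cfg := &tls.Config{
		// Renegotiation only exists in TLS 1.2 and earlier; TLS 1.3 removed
		// it, so an upstream negotiating 1.3 will never trigger this path.
		MinVersion:    tls.VersionTLS12,
		Renegotiation: reneg,
	}
	if clientCert != nil {
		cfg.Certificates = []tls.Certificate{*clientCert}
	}
	return &http.Transport{
		TLSClientConfig:     cfg,
		TLSHandshakeTimeout: 10 * time.Second,
		ForceAttemptHTTP2:   false, // renegotiation is an HTTP/1.1-over-TLS-1.2 concern
	}, nil
}

func main() {
	for _, level := range []string{"", "once", "bogus"} {
		tr, err := newUpstreamTransport(nil, level)
		if err != nil {
			fmt.Printf("level %q: rejected: %v\n", level, err)
			continue
		}
		fmt.Printf("level %q: Renegotiation=%v\n", level, tr.TLSClientConfig.Renegotiation)
	}
}
```

Only the transport that actually talks to the renegotiating upstream gets "once"; every other upstream keeps the default, which is the opt-in the thread concludes is appropriate.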