Is there a document that list of supported TLS ciphers on SNAP-PACs? I recently updated a reverse proxy I use for a web service (caddy) and now I am getting TLS handshake errors from the PAC. -2103 error on the PAC and the web server reports: “tls: no cipher suite supported by both client and server”. All the RSA and all the CBC ciphers appear to have been declared weak and deprecated.
The LetsEncrypt certificate on my new server used a ECDSA key and not an RSA key. ECDSA keys are the default for Caddy. I changed the configuration to request a cert with an RSA key and then the PAC was able to negotiate again.
Feature request - update the PACs to support ECDSA keyed certs. (IE11 supports it, gasp)