SNAP-PAC TLS cipher list

Is there a document that list of supported TLS ciphers on SNAP-PACs? I recently updated a reverse proxy I use for a web service (caddy) and now I am getting TLS handshake errors from the PAC. -2103 error on the PAC and the web server reports: “tls: no cipher suite supported by both client and server”. All the RSA and all the CBC ciphers appear to have been declared weak and deprecated.

I am not aware of any such doc. You might have to reach out to support for this one @philip

Okay thanks. I was able to check what ciphers were available when SNAP PAC has REST enabled. Maybe they are the same when running as a client.

Here they are:


The LetsEncrypt certificate on my new server used a ECDSA key and not an RSA key. ECDSA keys are the default for Caddy. I changed the configuration to request a cert with an RSA key and then the PAC was able to negotiate again.

Feature request - update the PACs to support ECDSA keyed certs. (IE11 supports it, gasp)