mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-23 09:06:29 +01:00
Set protocol version properly (fixes #943)
parent
cf4e0c9c9c
commit
b35d19d78e
3 changed files with 30 additions and 4 deletions
|
@ -9,11 +9,12 @@ import (
|
|||
"io/ioutil"
|
||||
"time"
|
||||
|
||||
"github.com/mholt/caddy"
|
||||
"github.com/xenolf/lego/acme"
|
||||
"log"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"github.com/mholt/caddy"
|
||||
"github.com/xenolf/lego/acme"
|
||||
)
|
||||
|
||||
// Config describes how TLS should be configured and used.
|
||||
|
@ -322,10 +323,10 @@ func MakeTLSConfig(configs []*Config) (*tls.Config, error) {
|
|||
}
|
||||
|
||||
// Go with the widest range of protocol versions
|
||||
if cfg.ProtocolMinVersion < config.MinVersion {
|
||||
if config.MinVersion == 0 || cfg.ProtocolMinVersion < config.MinVersion {
|
||||
config.MinVersion = cfg.ProtocolMinVersion
|
||||
}
|
||||
if cfg.ProtocolMaxVersion < config.MaxVersion {
|
||||
if cfg.ProtocolMaxVersion > config.MaxVersion {
|
||||
config.MaxVersion = cfg.ProtocolMaxVersion
|
||||
}
|
||||
|
||||
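Review bot: Merging to the widest range means the shared config accepts the lowest minimum any site asked for, so a site configured with a stricter floor (for example TLS 1.2 only) silently inherits whatever older version another site in `configs` allows. The comment `// Go with the widest range of protocol versions` should say this outright, e.g. `// NOTE: the merged range is the union across sites; a site's stricter minimum is NOT enforced once it shares this tls.Config`. The new `config.MinVersion == 0 ||` guard treats zero as "unset" on the merged side only: if a `cfg.ProtocolMinVersion` can itself be zero at this point (defaults are not visible in this hunk), `cfg.ProtocolMinVersion < config.MinVersion` resets the floor to 0 and crypto/tls falls back to its own default minimum. Logging when two sites disagree on the range would make the widening visible to operators. MakeTLSConfig starts and ends outside the hunk.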
|
|
|
@ -1,12 +1,34 @@
|
|||
package caddytls
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"net/url"
|
||||
"reflect"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestMakeTLSConfig(t *testing.T) {
|
||||
// same min and max protocol versions
|
||||
configs := []*Config{
|
||||
{
|
||||
Enabled: true,
|
||||
ProtocolMinVersion: tls.VersionTLS12,
|
||||
ProtocolMaxVersion: tls.VersionTLS12,
|
||||
},
|
||||
}
|
||||
result, err := MakeTLSConfig(configs)
|
||||
if err != nil {
|
||||
t.Fatalf("Did not expect an error, but got %v", err)
|
||||
}
|
||||
if got, want := result.MinVersion, uint16(tls.VersionTLS12); got != want {
|
||||
t.Errorf("Expected min version to be %x, got %x", want, got)
|
||||
}
|
||||
if got, want := result.MaxVersion, uint16(tls.VersionTLS12); got != want {
|
||||
t.Errorf("Expected max version to be %x, got %x", want, got)
|
||||
}
|
||||
}
|
||||
|
||||
func TestStorageForNoURL(t *testing.T) {
|
||||
c := &Config{}
|
||||
if _, err := c.StorageFor(""); err == nil {
|
||||
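Review bot: TestMakeTLSConfig only feeds one config with identical min and max, so it never exercises the merge across sites, which is where the corrected `>` comparison and the zero-value guard matter. A second case with two configs whose ranges differ would pin the "widest range" behaviour and catch a future regression that narrows or widens the accepted protocol versions. The sketch below assumes two enabled configs pass the other checks in MakeTLSConfig, which are not visible on this page.

```go
	// … unchanged: single-config case with equal min and max …

	// two sites sharing one tls.Config: merged range must span both
	configs = []*Config{
		{Enabled: true, ProtocolMinVersion: tls.VersionTLS12, ProtocolMaxVersion: tls.VersionTLS12},
		{Enabled: true, ProtocolMinVersion: tls.VersionTLS11, ProtocolMaxVersion: tls.VersionTLS11},
	}
	result, err = MakeTLSConfig(configs)
	if err != nil {
		t.Fatalf("Did not expect an error, but got %v", err)
	}
	if got, want := result.MinVersion, uint16(tls.VersionTLS11); got != want {
		t.Errorf("Expected min version to be %x, got %x", want, got)
	}
	if got, want := result.MaxVersion, uint16(tls.VersionTLS12); got != want {
		t.Errorf("Expected max version to be %x, got %x", want, got)
	}
```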
|
|
|
@ -88,6 +88,9 @@ func setupTLS(c *caddy.Controller) error {
|
|||
return c.Errf("Wrong protocol name or protocol not supported: '%s'", args[1])
|
||||
}
|
||||
config.ProtocolMaxVersion = value
|
||||
if config.ProtocolMinVersion > config.ProtocolMaxVersion {
|
||||
return c.Errf("Minimum protocol version cannot be higher than maximum (reverse the order)")
|
||||
}
|
||||
case "ciphers":
|
||||
for c.NextArg() {
|
||||
value, ok := supportedCiphersMap[strings.ToUpper(c.Val())]
|
||||
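Review bot: The new rejection of `config.ProtocolMinVersion > config.ProtocolMaxVersion` has no test in this commit; none of the three changed files appears to be the setup test. Because this check is what stops an inverted protocol range from reaching the TLS config, a table entry in the setupTLS tests that passes the two protocol arguments in descending order and expects an error would keep it from being dropped later. The message takes no format arguments, so `c.Err("Minimum protocol version cannot be higher than maximum (reverse the order)")` would state the intent more directly than `c.Errf`. setupTLS begins and ends outside the hunk, so whether the single-argument form of the directive can reach this check is not visible here.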
|
|