mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-23 17:16:40 +01:00
Set protocol version properly (fixes #943)
parent
cf4e0c9c9c
commit
b35d19d78e
3 changed files with 30 additions and 4 deletions
|
@ -9,11 +9,12 @@ import (
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/mholt/caddy"
|
|
||||||
"github.com/xenolf/lego/acme"
|
|
||||||
"log"
|
"log"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/mholt/caddy"
|
||||||
|
"github.com/xenolf/lego/acme"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Config describes how TLS should be configured and used.
|
// Config describes how TLS should be configured and used.
|
||||||
|
@ -322,10 +323,10 @@ func MakeTLSConfig(configs []*Config) (*tls.Config, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Go with the widest range of protocol versions
|
// Go with the widest range of protocol versions
|
||||||
if cfg.ProtocolMinVersion < config.MinVersion {
|
if config.MinVersion == 0 || cfg.ProtocolMinVersion < config.MinVersion {
|
||||||
config.MinVersion = cfg.ProtocolMinVersion
|
config.MinVersion = cfg.ProtocolMinVersion
|
||||||
}
|
}
|
||||||
if cfg.ProtocolMaxVersion < config.MaxVersion {
|
if cfg.ProtocolMaxVersion > config.MaxVersion {
|
||||||
config.MaxVersion = cfg.ProtocolMaxVersion
|
config.MaxVersion = cfg.ProtocolMaxVersion
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
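Review bot: In the MakeTLSConfig merge, `config.MinVersion == 0` is used as the "nothing merged yet" sentinel, but in crypto/tls a zero MinVersion or MaxVersion also means "use the library default". If any site's ProtocolMinVersion can still be 0 at this point (not visible in the hunk), the merged minimum depends on the order of `configs`: a 0 contributed by an earlier config is overwritten by the next config's explicit value, while a later 0 wins. A config with ProtocolMaxVersion 0 likewise never widens the maximum under `cfg.ProtocolMaxVersion > config.MaxVersion`. Tracking the first iteration explicitly instead of testing for 0 would remove the ambiguity. It is also worth saying in the comment that the merge is a security trade-off, e.g. `// NOTE: every site sharing this listener accepts the lowest minimum version configured by any of them.` The function starts and ends outside the hunk.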
|
@ -1,12 +1,34 @@
|
||||||
package caddytls
|
package caddytls
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"errors"
|
"errors"
|
||||||
"net/url"
|
"net/url"
|
||||||
"reflect"
|
"reflect"
|
||||||
"testing"
|
"testing"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func TestMakeTLSConfig(t *testing.T) {
|
||||||
|
// same min and max protocol versions
|
||||||
|
configs := []*Config{
|
||||||
|
{
|
||||||
|
Enabled: true,
|
||||||
|
ProtocolMinVersion: tls.VersionTLS12,
|
||||||
|
ProtocolMaxVersion: tls.VersionTLS12,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
result, err := MakeTLSConfig(configs)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Did not expect an error, but got %v", err)
|
||||||
|
}
|
||||||
|
if got, want := result.MinVersion, uint16(tls.VersionTLS12); got != want {
|
||||||
|
t.Errorf("Expected min version to be %x, got %x", want, got)
|
||||||
|
}
|
||||||
|
if got, want := result.MaxVersion, uint16(tls.VersionTLS12); got != want {
|
||||||
|
t.Errorf("Expected max version to be %x, got %x", want, got)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestStorageForNoURL(t *testing.T) {
|
func TestStorageForNoURL(t *testing.T) {
|
||||||
c := &Config{}
|
c := &Config{}
|
||||||
if _, err := c.StorageFor(""); err == nil {
|
if _, err := c.StorageFor(""); err == nil {
|
||||||
|
|
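Review bot: TestMakeTLSConfig passes only a single config, so the merge across several configs is never exercised, and that is the path where the direction of the `>` comparison for the maximum matters. A second case with two configs of different ranges, run in both orders, would pin the "widest range" behaviour and catch order-dependent results. The sketch below assumes MakeTLSConfig accepts configs that differ only in their protocol versions; its other consistency checks are not visible on this page.

```go
// different ranges: the merged config should span the widest range, in either order
a := &Config{Enabled: true, ProtocolMinVersion: tls.VersionTLS11, ProtocolMaxVersion: tls.VersionTLS11}
b := &Config{Enabled: true, ProtocolMinVersion: tls.VersionTLS12, ProtocolMaxVersion: tls.VersionTLS12}
for _, configs := range [][]*Config{{a, b}, {b, a}} {
	result, err := MakeTLSConfig(configs)
	if err != nil {
		t.Fatalf("Did not expect an error, but got %v", err)
	}
	if got, want := result.MinVersion, uint16(tls.VersionTLS11); got != want {
		t.Errorf("Expected min version to be %x, got %x", want, got)
	}
	if got, want := result.MaxVersion, uint16(tls.VersionTLS12); got != want {
		t.Errorf("Expected max version to be %x, got %x", want, got)
	}
}
```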
|
@ -88,6 +88,9 @@ func setupTLS(c *caddy.Controller) error {
|
||||||
return c.Errf("Wrong protocol name or protocol not supported: '%s'", args[1])
|
return c.Errf("Wrong protocol name or protocol not supported: '%s'", args[1])
|
||||||
}
|
}
|
||||||
config.ProtocolMaxVersion = value
|
config.ProtocolMaxVersion = value
|
||||||
|
if config.ProtocolMinVersion > config.ProtocolMaxVersion {
|
||||||
|
return c.Errf("Minimum protocol version cannot be higher than maximum (reverse the order)")
|
||||||
|
}
|
||||||
case "ciphers":
|
case "ciphers":
|
||||||
for c.NextArg() {
|
for c.NextArg() {
|
||||||
value, ok := supportedCiphersMap[strings.ToUpper(c.Val())]
|
value, ok := supportedCiphersMap[strings.ToUpper(c.Val())]
|
||||||
|
|
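Review bot: The new rejection of a minimum above the maximum in the `protocols` case has no test among the three files this commit changes; a setup test that passes the two versions in reversed order would pin it. The message could also name the offending values, as the error just above it does with `args[1]`, for example `return c.Errf("Minimum protocol version '%s' cannot be higher than maximum '%s' (reverse the order)", args[0], args[1])`. That assumes `args[0]` holds the minimum, because the parsing lines are outside the hunk. setupTLS starts and ends outside the hunk.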