Set protocol version properly (fixes #943)

This commit is contained in:
Matthew Holt 2016-07-19 11:48:39 -06:00
parent cf4e0c9c9c
commit b35d19d78e
3 changed files with 30 additions and 4 deletions


@ -9,11 +9,12 @@ import (
"io/ioutil" "io/ioutil"
"time" "time"
"github.com/mholt/caddy"
"github.com/xenolf/lego/acme"
"log" "log"
"net/url" "net/url"
"strings" "strings"
"github.com/mholt/caddy"
"github.com/xenolf/lego/acme"
) )
// Config describes how TLS should be configured and used. // Config describes how TLS should be configured and used.
@ -322,10 +323,10 @@ func MakeTLSConfig(configs []*Config) (*tls.Config, error) {
} }
// Go with the widest range of protocol versions // Go with the widest range of protocol versions
if cfg.ProtocolMinVersion < config.MinVersion { if config.MinVersion == 0 || cfg.ProtocolMinVersion < config.MinVersion {
config.MinVersion = cfg.ProtocolMinVersion config.MinVersion = cfg.ProtocolMinVersion
} }
if cfg.ProtocolMaxVersion < config.MaxVersion { if cfg.ProtocolMaxVersion > config.MaxVersion {
config.MaxVersion = cfg.ProtocolMaxVersion config.MaxVersion = cfg.ProtocolMaxVersion
} }
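Review bot: With the new condition on the MinVersion line, a Config whose ProtocolMinVersion is still zero drags the merged config.MinVersion back to 0 — crypto/tls's own default — even when a sibling config asked for a stricter floor, because `cfg.ProtocolMinVersion < config.MinVersion` holds for any non-zero current value. I cannot see from this hunk whether setupTLS always populates ProtocolMinVersion before configs reach here; if a zero can arrive, guard it with `if cfg.ProtocolMinVersion != 0 && (config.MinVersion == 0 || cfg.ProtocolMinVersion < config.MinVersion) {` (the MaxVersion branch is safe, since `>` never lets a zero win). The "widest range" merge also means the least strict site sets the floor for every site sharing this tls.Config, which deserves a line next to the existing comment, e.g. `// NOTE: the merged floor is the lowest ProtocolMinVersion of any config, so one lax site relaxes all of them`. MakeTLSConfig's body continues on both sides of this hunk.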


@ -1,12 +1,34 @@
package caddytls package caddytls
import ( import (
"crypto/tls"
"errors" "errors"
"net/url" "net/url"
"reflect" "reflect"
"testing" "testing"
) )
func TestMakeTLSConfig(t *testing.T) {
// same min and max protocol versions
configs := []*Config{
{
Enabled: true,
ProtocolMinVersion: tls.VersionTLS12,
ProtocolMaxVersion: tls.VersionTLS12,
},
}
result, err := MakeTLSConfig(configs)
if err != nil {
t.Fatalf("Did not expect an error, but got %v", err)
}
if got, want := result.MinVersion, uint16(tls.VersionTLS12); got != want {
t.Errorf("Expected min version to be %x, got %x", want, got)
}
if got, want := result.MaxVersion, uint16(tls.VersionTLS12); got != want {
t.Errorf("Expected max version to be %x, got %x", want, got)
}
}
func TestStorageForNoURL(t *testing.T) { func TestStorageForNoURL(t *testing.T) {
c := &Config{} c := &Config{}
if _, err := c.StorageFor(""); err == nil { if _, err := c.StorageFor(""); err == nil {
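Review bot: TestMakeTLSConfig only covers a single config with equal min and max, so neither changed comparison in MakeTLSConfig — the `config.MinVersion == 0` seed nor the corrected `>` on the max side — is distinguished from the old code by this test, which would also pass with the previous operators. A second case that merges two configs with different ranges would pin the intended "widest range" result; the case below, appended to the same test function, should yield TLS 1.1 to TLS 1.2 if nothing else in MakeTLSConfig rejects differing configs (I cannot see its full body here). The rest of the test file is outside the hunk.

```go
	// two configs with different ranges: the merged config must span both
	configs = []*Config{
		{Enabled: true, ProtocolMinVersion: tls.VersionTLS11, ProtocolMaxVersion: tls.VersionTLS11},
		{Enabled: true, ProtocolMinVersion: tls.VersionTLS12, ProtocolMaxVersion: tls.VersionTLS12},
	}
	result, err = MakeTLSConfig(configs)
	if err != nil {
		t.Fatalf("Did not expect an error, but got %v", err)
	}
	if got, want := result.MinVersion, uint16(tls.VersionTLS11); got != want {
		t.Errorf("Expected merged min version to be %x, got %x", want, got)
	}
	if got, want := result.MaxVersion, uint16(tls.VersionTLS12); got != want {
		t.Errorf("Expected merged max version to be %x, got %x", want, got)
	}
```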


@ -88,6 +88,9 @@ func setupTLS(c *caddy.Controller) error {
return c.Errf("Wrong protocol name or protocol not supported: '%s'", args[1]) return c.Errf("Wrong protocol name or protocol not supported: '%s'", args[1])
} }
config.ProtocolMaxVersion = value config.ProtocolMaxVersion = value
if config.ProtocolMinVersion > config.ProtocolMaxVersion {
return c.Errf("Minimum protocol version cannot be higher than maximum (reverse the order)")
}
case "ciphers": case "ciphers":
for c.NextArg() { for c.NextArg() {
value, ok := supportedCiphersMap[strings.ToUpper(c.Val())] value, ok := supportedCiphersMap[strings.ToUpper(c.Val())]
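Review bot: The new ordering check is right, but its error drops the two values that were actually compared, so a user with several `protocols` lines has nothing to grep for; include them, e.g. `return c.Errf("Minimum protocol version 0x%x cannot be higher than maximum 0x%x (reverse the order)", config.ProtocolMinVersion, config.ProtocolMaxVersion)`. The comparison also silently relies on the crypto/tls version constants increasing with protocol version, which is true today and worth a one-line comment such as `// tls.VersionXXX constants are ordered by protocol version, so numeric comparison is valid`. setupTLS's body continues outside the hunk, including where ProtocolMinVersion is assigned.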