Commit 346135fe authored by Matt Holt's avatar Matt Holt

Merge pull request #89 from guilhermebr/master

removed tls cache option
parents 674f454e 69939108
...@@ -3,7 +3,6 @@ package setup ...@@ -3,7 +3,6 @@ package setup
import ( import (
"crypto/tls" "crypto/tls"
"log" "log"
"strconv"
"strings" "strings"
"github.com/mholt/caddy/middleware" "github.com/mholt/caddy/middleware"
...@@ -54,15 +53,6 @@ func TLS(c *Controller) (middleware.Middleware, error) { ...@@ -54,15 +53,6 @@ func TLS(c *Controller) (middleware.Middleware, error) {
} }
c.TLS.Ciphers = append(c.TLS.Ciphers, value) c.TLS.Ciphers = append(c.TLS.Ciphers, value)
} }
case "cache":
if !c.NextArg() {
return nil, c.ArgErr()
}
size, err := strconv.Atoi(c.Val())
if err != nil {
return nil, c.Errf("Cache parameter must be a number '%s': %v", c.Val(), err)
}
c.TLS.CacheSize = size
default: default:
return nil, c.Errf("Unknown keyword '%s'") return nil, c.Errf("Unknown keyword '%s'")
} }
...@@ -85,11 +75,6 @@ func TLS(c *Controller) (middleware.Middleware, error) { ...@@ -85,11 +75,6 @@ func TLS(c *Controller) (middleware.Middleware, error) {
c.TLS.ProtocolMaxVersion = tls.VersionTLS12 c.TLS.ProtocolMaxVersion = tls.VersionTLS12
} }
//If no cachesize provided, set default to 64
if c.TLS.CacheSize <= 0 {
c.TLS.CacheSize = 64
}
// Prefer server cipher suites // Prefer server cipher suites
c.TLS.PreferServerCipherSuites = true c.TLS.PreferServerCipherSuites = true
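Review bot: The `default:` branch of the keyword switch in the second hunk calls `c.Errf("Unknown keyword '%s'")` with a format verb and no argument, so the message renders as `%!s(MISSING)` instead of naming the offending keyword. This matters more after this commit, because a Caddyfile that still carries `cache N` in its tls block now lands in that branch and the operator gets no hint which directive was rejected. Pass the token that was read: `return nil, c.Errf("Unknown keyword '%s'", c.Val())`. The body of TLS begins and ends outside these hunks.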
......
...@@ -31,9 +31,6 @@ func TestTLSParseBasic(t *testing.T) { ...@@ -31,9 +31,6 @@ func TestTLSParseBasic(t *testing.T) {
if c.TLS.ProtocolMaxVersion != tls.VersionTLS12 { if c.TLS.ProtocolMaxVersion != tls.VersionTLS12 {
t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMaxVersion, got %v", c.TLS.ProtocolMaxVersion) t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMaxVersion, got %v", c.TLS.ProtocolMaxVersion)
} }
if c.TLS.CacheSize != 64 {
t.Errorf("Expected CacheSize 64, got %v", c.TLS.CacheSize)
}
// Cipher checks // Cipher checks
expectedCiphers := []uint16{ expectedCiphers := []uint16{
...@@ -88,7 +85,6 @@ func TestTLSParseWithOptionalParams(t *testing.T) { ...@@ -88,7 +85,6 @@ func TestTLSParseWithOptionalParams(t *testing.T) {
params := `tls cert.crt cert.key { params := `tls cert.crt cert.key {
protocols ssl3.0 tls1.2 protocols ssl3.0 tls1.2
ciphers RSA-3DES-EDE-CBC-SHA RSA-AES256-CBC-SHA ECDHE-RSA-AES128-GCM-SHA256 ciphers RSA-3DES-EDE-CBC-SHA RSA-AES256-CBC-SHA ECDHE-RSA-AES128-GCM-SHA256
cache 128
}` }`
c := newTestController(params) c := newTestController(params)
...@@ -108,15 +104,12 @@ func TestTLSParseWithOptionalParams(t *testing.T) { ...@@ -108,15 +104,12 @@ func TestTLSParseWithOptionalParams(t *testing.T) {
if len(c.TLS.Ciphers)-1 != 3 { if len(c.TLS.Ciphers)-1 != 3 {
t.Errorf("Expected 3 Ciphers (not including TLS_FALLBACK_SCSV), got %v", len(c.TLS.Ciphers)) t.Errorf("Expected 3 Ciphers (not including TLS_FALLBACK_SCSV), got %v", len(c.TLS.Ciphers))
} }
if c.TLS.CacheSize != 128 {
t.Errorf("Expected CacheSize 128, got %v", c.TLS.CacheSize)
}
} }
func TestTLSParseWithWrongOptionalParams(t *testing.T) { func TestTLSParseWithWrongOptionalParams(t *testing.T) {
// Test protocols wrong params
params := `tls cert.crt cert.key { params := `tls cert.crt cert.key {
cache a protocols ssl tls
}` }`
c := newTestController(params) c := newTestController(params)
_, err := TLS(c) _, err := TLS(c)
...@@ -124,16 +117,6 @@ func TestTLSParseWithWrongOptionalParams(t *testing.T) { ...@@ -124,16 +117,6 @@ func TestTLSParseWithWrongOptionalParams(t *testing.T) {
t.Errorf("Expected errors, but no error returned") t.Errorf("Expected errors, but no error returned")
} }
// Test protocols wrong params
params = `tls cert.crt cert.key {
protocols ssl tls
}`
c = newTestController(params)
_, err = TLS(c)
if err == nil {
t.Errorf("Expected errors, but no error returned")
}
// Test ciphers wrong params // Test ciphers wrong params
params = `tls cert.crt cert.key { params = `tls cert.crt cert.key {
ciphers not-valid-cipher ciphers not-valid-cipher
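Review bot: TestTLSParseWithWrongOptionalParams no longer has any case that mentions `cache`; the old `cache a` input is replaced by the protocols case rather than turned into a rejection test. Since a tls block that still contains `cache 128` is presumably expected to fail with the unknown-keyword error, keep one case with that input and assert `err == nil` is an error, as the neighbouring cases do. That pins the behaviour that a stale TLS setting is refused at parse time instead of being silently dropped. The test function continues outside the visible hunk.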
......
...@@ -63,6 +63,5 @@ type TLSConfig struct { ...@@ -63,6 +63,5 @@ type TLSConfig struct {
Ciphers []uint16 Ciphers []uint16
ProtocolMinVersion uint16 ProtocolMinVersion uint16
ProtocolMaxVersion uint16 ProtocolMaxVersion uint16
CacheSize int
PreferServerCipherSuites bool PreferServerCipherSuites bool
} }
...@@ -132,7 +132,6 @@ func ListenAndServeTLSWithSNI(srv *http.Server, tlsConfigs []TLSConfig) error { ...@@ -132,7 +132,6 @@ func ListenAndServeTLSWithSNI(srv *http.Server, tlsConfigs []TLSConfig) error {
config.BuildNameToCertificate() config.BuildNameToCertificate()
// Customize our TLS configuration // Customize our TLS configuration
config.ClientSessionCache = tls.NewLRUClientSessionCache(tlsConfigs[0].CacheSize)
config.MinVersion = tlsConfigs[0].ProtocolMinVersion config.MinVersion = tlsConfigs[0].ProtocolMinVersion
config.MaxVersion = tlsConfigs[0].ProtocolMaxVersion config.MaxVersion = tlsConfigs[0].ProtocolMaxVersion
config.CipherSuites = tlsConfigs[0].Ciphers config.CipherSuites = tlsConfigs[0].Ciphers
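Review bot: The assignments left under "Customize our TLS configuration" read MinVersion, MaxVersion and CipherSuites from `tlsConfigs[0]` only, so on a listener serving several SNI hosts the first site's protocol and cipher policy applies to every host, and a stricter setting on a later site has no effect. That deserves a comment above the block, for example `// Protocol versions and cipher suites are taken from the first site's config and apply to all hosts on this listener.` Dropping `ClientSessionCache` itself looks right, since crypto/tls only consults that field on the client side. The function starts and ends outside the hunk, so whether `tlsConfigs` is checked for being non-empty before it is indexed cannot be seen here.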
......