• Filippo Valsorda's avatar
    Actually set tls.Config.PreferServerCipherSuites · ef585367
    Filippo Valsorda authored
    It was set by default on the caddy-internal config object, and even
    checked for conflicts, but it was never actually reflected on the
    tls.Config.
    
    This will have user-visible changes: a client that prefers, say, AES-CBC
    but also supports AES-GCM would have used AES-CBC befor this, and will
    use AES-GCM after.
    
    This is desirable and important behavior, because if for example the
    server wanted to support 3DES, but *only if it was strictly necessary*,
    it would have had no way of doing so with PreferServerCipherSuites
    false, as the client preference would have won.
    ef585367
config.go 16.6 KB