Commit 346135fe authored by Matt Holt's avatar Matt Holt

Merge pull request #89 from guilhermebr/master

removed tls cache option
parents 674f454e 69939108
......@@ -3,7 +3,6 @@ package setup
import (
"crypto/tls"
"log"
"strconv"
"strings"
"github.com/mholt/caddy/middleware"
......@@ -54,15 +53,6 @@ func TLS(c *Controller) (middleware.Middleware, error) {
}
c.TLS.Ciphers = append(c.TLS.Ciphers, value)
}
case "cache":
if !c.NextArg() {
return nil, c.ArgErr()
}
size, err := strconv.Atoi(c.Val())
if err != nil {
return nil, c.Errf("Cache parameter must be a number '%s': %v", c.Val(), err)
}
c.TLS.CacheSize = size
default:
return nil, c.Errf("Unknown keyword '%s'")
}
......@@ -85,11 +75,6 @@ func TLS(c *Controller) (middleware.Middleware, error) {
c.TLS.ProtocolMaxVersion = tls.VersionTLS12
}
//If no cachesize provided, set default to 64
if c.TLS.CacheSize <= 0 {
c.TLS.CacheSize = 64
}
// Prefer server cipher suites
c.TLS.PreferServerCipherSuites = true
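Review bot: The `default:` branch in the second hunk calls `c.Errf("Unknown keyword '%s'")` without an argument for the `%s` verb, so the error will not name the rejected keyword. With the `cache` case removed, an existing Caddyfile that still has `cache` inside a `tls` block now reaches exactly this path, and the operator gets no hint which directive to delete. I would change the line to `return nil, c.Errf("Unknown keyword '%s'", c.Val())`, assuming `c.Val()` still holds the keyword token at that point. The body of `TLS` starts and ends outside the visible hunks, and the page has lost its +/- markers, so this reads the `default:` lines as unchanged context.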
......
......@@ -31,9 +31,6 @@ func TestTLSParseBasic(t *testing.T) {
if c.TLS.ProtocolMaxVersion != tls.VersionTLS12 {
t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMaxVersion, got %v", c.TLS.ProtocolMaxVersion)
}
if c.TLS.CacheSize != 64 {
t.Errorf("Expected CacheSize 64, got %v", c.TLS.CacheSize)
}
// Cipher checks
expectedCiphers := []uint16{
......@@ -88,7 +85,6 @@ func TestTLSParseWithOptionalParams(t *testing.T) {
params := `tls cert.crt cert.key {
protocols ssl3.0 tls1.2
ciphers RSA-3DES-EDE-CBC-SHA RSA-AES256-CBC-SHA ECDHE-RSA-AES128-GCM-SHA256
cache 128
}`
c := newTestController(params)
......@@ -108,15 +104,12 @@ func TestTLSParseWithOptionalParams(t *testing.T) {
if len(c.TLS.Ciphers)-1 != 3 {
t.Errorf("Expected 3 Ciphers (not including TLS_FALLBACK_SCSV), got %v", len(c.TLS.Ciphers))
}
if c.TLS.CacheSize != 128 {
t.Errorf("Expected CacheSize 128, got %v", c.TLS.CacheSize)
}
}
func TestTLSParseWithWrongOptionalParams(t *testing.T) {
// Test protocols wrong params
params := `tls cert.crt cert.key {
cache a
protocols ssl tls
}`
c := newTestController(params)
_, err := TLS(c)
......@@ -124,16 +117,6 @@ func TestTLSParseWithWrongOptionalParams(t *testing.T) {
t.Errorf("Expected errors, but no error returned")
}
// Test protocols wrong params
params = `tls cert.crt cert.key {
protocols ssl tls
}`
c = newTestController(params)
_, err = TLS(c)
if err == nil {
t.Errorf("Expected errors, but no error returned")
}
// Test ciphers wrong params
params = `tls cert.crt cert.key {
ciphers not-valid-cipher
......
......@@ -63,6 +63,5 @@ type TLSConfig struct {
Ciphers []uint16
ProtocolMinVersion uint16
ProtocolMaxVersion uint16
CacheSize int
PreferServerCipherSuites bool
}
......@@ -132,7 +132,6 @@ func ListenAndServeTLSWithSNI(srv *http.Server, tlsConfigs []TLSConfig) error {
config.BuildNameToCertificate()
// Customize our TLS configuration
config.ClientSessionCache = tls.NewLRUClientSessionCache(tlsConfigs[0].CacheSize)
config.MinVersion = tlsConfigs[0].ProtocolMinVersion
config.MaxVersion = tlsConfigs[0].ProtocolMaxVersion
config.CipherSuites = tlsConfigs[0].Ciphers
......