Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
caddy
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
caddy
Commits
43020533
Commit
43020533
authored
Dec 19, 2015
by
Abiola Ibrahim
Browse files
Options
Browse Files
Download
Plain Diff
Merge remote-tracking branch 'upstream/master'
parents
a946d65f
a5836aeb
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
15 additions
and
5 deletions
+15
-5
caddy/setup/tls.go
caddy/setup/tls.go
+13
-1
caddy/setup/tls_test.go
caddy/setup/tls_test.go
+2
-4
No files found.
caddy/setup/tls.go
View file @
43020533
...
@@ -90,7 +90,7 @@ func TLS(c *Controller) (middleware.Middleware, error) {
...
@@ -90,7 +90,7 @@ func TLS(c *Controller) (middleware.Middleware, error) {
func
SetDefaultTLSParams
(
c
*
server
.
Config
)
{
func
SetDefaultTLSParams
(
c
*
server
.
Config
)
{
// If no ciphers provided, use all that Caddy supports for the protocol
// If no ciphers provided, use all that Caddy supports for the protocol
if
len
(
c
.
TLS
.
Ciphers
)
==
0
{
if
len
(
c
.
TLS
.
Ciphers
)
==
0
{
c
.
TLS
.
Ciphers
=
supported
Ciphers
c
.
TLS
.
Ciphers
=
default
Ciphers
}
}
// Not a cipher suite, but still important for mitigating protocol downgrade attacks
// Not a cipher suite, but still important for mitigating protocol downgrade attacks
...
@@ -159,3 +159,15 @@ var supportedCiphers = []uint16{
...
@@ -159,3 +159,15 @@ var supportedCiphers = []uint16{
tls
.
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
,
tls
.
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
,
tls
.
TLS_RSA_WITH_3DES_EDE_CBC_SHA
,
tls
.
TLS_RSA_WITH_3DES_EDE_CBC_SHA
,
}
}
// List of all the ciphers we want to use by default
var
defaultCiphers
=
[]
uint16
{
tls
.
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
,
tls
.
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
,
tls
.
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
,
tls
.
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
,
tls
.
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
,
tls
.
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
tls
.
TLS_RSA_WITH_AES_256_CBC_SHA
,
tls
.
TLS_RSA_WITH_AES_128_CBC_SHA
,
}
caddy/setup/tls_test.go
View file @
43020533
...
@@ -42,15 +42,13 @@ func TestTLSParseBasic(t *testing.T) {
...
@@ -42,15 +42,13 @@ func TestTLSParseBasic(t *testing.T) {
tls
.
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
tls
.
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
,
tls
.
TLS_RSA_WITH_AES_256_CBC_SHA
,
tls
.
TLS_RSA_WITH_AES_256_CBC_SHA
,
tls
.
TLS_RSA_WITH_AES_128_CBC_SHA
,
tls
.
TLS_RSA_WITH_AES_128_CBC_SHA
,
tls
.
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
,
tls
.
TLS_RSA_WITH_3DES_EDE_CBC_SHA
,
tls
.
TLS_FALLBACK_SCSV
,
tls
.
TLS_FALLBACK_SCSV
,
}
}
// Ensure count is correct (plus one for TLS_FALLBACK_SCSV)
// Ensure count is correct (plus one for TLS_FALLBACK_SCSV)
if
len
(
c
.
TLS
.
Ciphers
)
!=
len
(
supportedCiphers
)
+
1
{
if
len
(
c
.
TLS
.
Ciphers
)
!=
len
(
expectedCiphers
)
{
t
.
Errorf
(
"Expected %v Ciphers (including TLS_FALLBACK_SCSV), got %v"
,
t
.
Errorf
(
"Expected %v Ciphers (including TLS_FALLBACK_SCSV), got %v"
,
len
(
supportedCiphers
)
+
1
,
len
(
c
.
TLS
.
Ciphers
))
len
(
expectedCiphers
)
,
len
(
c
.
TLS
.
Ciphers
))
}
}
// Ensure ordering is correct
// Ensure ordering is correct
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment