Commit b35d19d7 authored by Matthew Holt's avatar Matthew Holt

Set protocol version properly (fixes #943)

parent cf4e0c9c
......@@ -9,11 +9,12 @@ import (
"io/ioutil"
"time"
"github.com/mholt/caddy"
"github.com/xenolf/lego/acme"
"log"
"net/url"
"strings"
"github.com/mholt/caddy"
"github.com/xenolf/lego/acme"
)
// Config describes how TLS should be configured and used.
......@@ -322,10 +323,10 @@ func MakeTLSConfig(configs []*Config) (*tls.Config, error) {
}
// Go with the widest range of protocol versions
if cfg.ProtocolMinVersion < config.MinVersion {
if config.MinVersion == 0 || cfg.ProtocolMinVersion < config.MinVersion {
config.MinVersion = cfg.ProtocolMinVersion
}
if cfg.ProtocolMaxVersion < config.MaxVersion {
if cfg.ProtocolMaxVersion > config.MaxVersion {
config.MaxVersion = cfg.ProtocolMaxVersion
}
......
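Review bot: The new `config.MinVersion == 0` test in the minimum-version branch uses zero both as "nothing merged yet" and as a value `cfg.ProtocolMinVersion` can hold, so the merged minimum depends on config order. A config with minimum 0 followed by one with TLS 1.2 ends at TLS 1.2, while the reverse order ends at 0, which crypto/tls treats as its library default minimum. The maximum has the mirror problem: a `ProtocolMaxVersion` of 0 (no cap in crypto/tls) never wins the `>` comparison, so another config's explicit cap silently applies to it. If defaults are always filled in before this loop (not visible here; MakeTLSConfig starts and ends outside the hunk), a comment saying so is enough; otherwise track the first iteration explicitly instead of testing for 0. The comment `// Go with the widest range of protocol versions` should also say that a site with a stricter minimum appears to get the lowest minimum of any config merged with it.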
package caddytls
import (
"crypto/tls"
"errors"
"net/url"
"reflect"
"testing"
)
func TestMakeTLSConfig(t *testing.T) {
// same min and max protocol versions
configs := []*Config{
{
Enabled: true,
ProtocolMinVersion: tls.VersionTLS12,
ProtocolMaxVersion: tls.VersionTLS12,
},
}
result, err := MakeTLSConfig(configs)
if err != nil {
t.Fatalf("Did not expect an error, but got %v", err)
}
if got, want := result.MinVersion, uint16(tls.VersionTLS12); got != want {
t.Errorf("Expected min version to be %x, got %x", want, got)
}
if got, want := result.MaxVersion, uint16(tls.VersionTLS12); got != want {
t.Errorf("Expected max version to be %x, got %x", want, got)
}
}
func TestStorageForNoURL(t *testing.T) {
c := &Config{}
if _, err := c.StorageFor(""); err == nil {
......
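Review bot: TestMakeTLSConfig passes a single config with identical minimum and maximum, so it never exercises the widening across configs that the corrected `>` comparison and the `MinVersion == 0` guard are meant to implement. A second case with two configs whose ranges differ would pin that the result is the lowest minimum and the highest maximum, and would catch a regression to the old `<` comparison on the maximum. The sketch below assumes MakeTLSConfig accepts two otherwise-identical configs without error, which the visible lines do not confirm.

```go
// … unchanged: single-config case with min == max …

// differing ranges must merge to the lowest min and the highest max
configs = []*Config{
	{
		Enabled:            true,
		ProtocolMinVersion: tls.VersionTLS10,
		ProtocolMaxVersion: tls.VersionTLS11,
	},
	{
		Enabled:            true,
		ProtocolMinVersion: tls.VersionTLS11,
		ProtocolMaxVersion: tls.VersionTLS12,
	},
}
result, err = MakeTLSConfig(configs)
if err != nil {
	t.Fatalf("Did not expect an error, but got %v", err)
}
if got, want := result.MinVersion, uint16(tls.VersionTLS10); got != want {
	t.Errorf("Expected min version to be %x, got %x", want, got)
}
if got, want := result.MaxVersion, uint16(tls.VersionTLS12); got != want {
	t.Errorf("Expected max version to be %x, got %x", want, got)
}
```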
......@@ -88,6 +88,9 @@ func setupTLS(c *caddy.Controller) error {
return c.Errf("Wrong protocol name or protocol not supported: '%s'", args[1])
}
config.ProtocolMaxVersion = value
if config.ProtocolMinVersion > config.ProtocolMaxVersion {
return c.Errf("Minimum protocol version cannot be higher than maximum (reverse the order)")
}
case "ciphers":
for c.NextArg() {
value, ok := supportedCiphersMap[strings.ToUpper(c.Val())]
......
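Review bot: The new rejection of a minimum above the maximum returns a message that does not name the two offending values, unlike the `Wrong protocol name` error just above it, which echoes `args[1]`. Including both arguments would make a misordered `protocols` line easier to spot in a long Caddyfile, for example `return c.Errf("Minimum protocol version '%s' cannot be higher than maximum '%s'", args[0], args[1])`, assuming `args[0]` is the minimum name (its parsing is outside the hunk). No test in this commit covers the reversed-order input, so this check is currently unverified. setupTLS starts and ends outside the hunk.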