author | Matthew Holt <[email protected]> | 2024-05-06 19:59:42 -0600 |
---|---|---|
committer | Matthew Holt <[email protected]> | 2024-05-06 19:59:42 -0600 |
commit | 8d7ac1840221d0b4060448b6f333e6720cfe895f (patch) | |
tree | 254d9bb961aafd0b0b122d78d4b012971e3d32e1 | |
parent | 7e2510ef43d3439c682d56b580e4013a0cc9cc3e (diff) | |
download | caddy-8d7ac1840221d0b4060448b6f333e6720cfe895f.tar.gz caddy-8d7ac1840221d0b4060448b6f333e6720cfe895f.zip |
caddytls: Ability to drop connections (close #6294)
-rw-r--r-- | modules/caddytls/connpolicy.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 8e1f2cb11..38a01f3e4 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -119,6 +119,9 @@ func (cp ConnectionPolicies) TLSConfig(_ caddy.Context) *tls.Config {
 continue policyLoop
 }
 }
+ if pol.Drop {
+ return nil, fmt.Errorf("dropping connection")
+ }
 return pol.TLSConfig, nil
 }
@@ -156,6 +159,9 @@ type ConnectionPolicy struct {
 // Maximum TLS protocol version to allow. Default: `tls1.3`
 ProtocolMax string `json:"protocol_max,omitempty"`
+ // Reject TLS connections. EXPERIMENTAL: May change.
+ Drop bool `json:"drop,omitempty"`
+
 // Enables and configures TLS client authentication.
 ClientAuthentication *ClientAuthentication `json:"client_authentication,omitempty"` |
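Review bot: The new `if pol.Drop` branch in the first hunk rejects the handshake by returning an error, which is not the same as silently closing the socket. If this closure is installed as the `GetConfigForClient` callback (its start is outside the hunk), crypto/tls, as far as I know, answers a failing callback with a fatal alert, so a client still learns that a TLS listener is present; that is worth confirming and stating if the feature is meant to hide the listener from probes. The error text also carries no hint of which policy matched, so the resulting handshake-error log lines are hard to count or alert on. A package-level sentinel such as `var errDropConnection = errors.New("dropping connection")` (name is only a suggestion, and `errors` would need to be imported if it is not already) would let callers recognise it with `errors.Is`.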
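Review bot: The doc comment on `Drop` in the second hunk does not say which connections are rejected or what happens to the policy's other settings. Judging by the first hunk, the check runs only after the policy's matchers have accepted the connection and `pol.TLSConfig` is then never returned, so a policy without matchers would presumably reject every connection that reaches it. I would spell that out, for example `// Drop rejects every TLS connection that matches this policy; the policy's other settings are then unused. EXPERIMENTAL: May change.`, so that an operator does not enable it on a catch-all policy by accident. The struct starts and ends outside the hunk.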