author Filippo Valsorda <[email protected]> 2016-08-25 18:28:51 +0100
committer Filippo Valsorda <[email protected]> 2016-08-25 18:28:51 +0100
commit ef585367113a6aca7c5f4d439196a5511eca7dbe (patch)
tree 221a3ba0be28a5f876e26031fb84fd5969dcc8bb
parent 17709a7d3f1a6ee0c34bdb81c6332b1339ea7085 (diff)
Actually set tls.Config.PreferServerCipherSuites
It was set by default on the caddy-internal config object, and even checked for conflicts, but it was never actually reflected on the tls.Config. This will have user-visible changes: a client that prefers, say, AES-CBC but also supports AES-GCM would have used AES-CBC before this, and will use AES-GCM after. This is desirable and important behavior, because if for example the server wanted to support 3DES, but *only if it was strictly necessary*, it would have had no way of doing so with PreferServerCipherSuites false, as the client preference would have won.
-rw-r--r-- caddytls/config.go 1
1 files changed, 1 insertions, 0 deletions
diff --git a/caddytls/config.go b/caddytls/config.go
index f0f234b63..f73cbde39 100644
--- a/caddytls/config.go
+++ b/caddytls/config.go
@@ -350,6 +350,7 @@ func MakeTLSConfig(configs []*Config) (*tls.Config, error) {
if i > 0 && cfg.PreferServerCipherSuites != configs[i-1].PreferServerCipherSuites {
return nil, fmt.Errorf("cannot both use PreferServerCipherSuites and not use it")
}
+ config.PreferServerCipherSuites = cfg.PreferServerCipherSuites
// Go with the widest range of protocol versions
if config.MinVersion == 0 || cfg.ProtocolMinVersion < config.MinVersion {
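Review bot: The added `config.PreferServerCipherSuites = cfg.PreferServerCipherSuites` line ships without a test; the diffstat shows only caddytls/config.go changed. The bug was a field that was validated across configs but never copied onto the returned tls.Config, so a test that calls MakeTLSConfig and asserts the field on the result would keep it from silently regressing. The placement after the conflict check is sound: every cfg that reaches the assignment has already been compared with its predecessor, so the repeated per-iteration write always carries the same value.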