summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorMatthew Holt <[email protected]>2024-05-06 19:59:42 -0600
committerMatthew Holt <[email protected]>2024-05-06 19:59:42 -0600
commit8d7ac1840221d0b4060448b6f333e6720cfe895f (patch)
tree254d9bb961aafd0b0b122d78d4b012971e3d32e1
parent7e2510ef43d3439c682d56b580e4013a0cc9cc3e (diff)
downloadcaddy-8d7ac1840221d0b4060448b6f333e6720cfe895f.tar.gz
caddy-8d7ac1840221d0b4060448b6f333e6720cfe895f.zip
caddytls: Ability to drop connections (close #6294)
-rw-r--r--modules/caddytls/connpolicy.go6
1 files changed, 6 insertions, 0 deletions
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 8e1f2cb11..38a01f3e4 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -119,6 +119,9 @@ func (cp ConnectionPolicies) TLSConfig(_ caddy.Context) *tls.Config {
continue policyLoop
}
}
+ if pol.Drop {
+ return nil, fmt.Errorf("dropping connection")
+ }
return pol.TLSConfig, nil
}
@@ -156,6 +159,9 @@ type ConnectionPolicy struct {
// Maximum TLS protocol version to allow. Default: `tls1.3`
ProtocolMax string `json:"protocol_max,omitempty"`
+ // Reject TLS connections. EXPERIMENTAL: May change.
+ Drop bool `json:"drop,omitempty"`
+
// Enables and configures TLS client authentication.
ClientAuthentication *ClientAuthentication `json:"client_authentication,omitempty"`