From 6fdc83faeb87f0143d077cef1c50133d369a9c4e Mon Sep 17 00:00:00 2001 From: xenolf Date: Wed, 4 Nov 2015 23:53:03 +0100 Subject: [PATCH] Fix regression: Ensure TLS defaults are added by LE handlers. --- caddy/letsencrypt/letsencrypt.go | 4 ++++ caddy/setup/tls.go | 11 +++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/caddy/letsencrypt/letsencrypt.go b/caddy/letsencrypt/letsencrypt.go index 6005925d7..2ad1a126b 100644 --- a/caddy/letsencrypt/letsencrypt.go +++ b/caddy/letsencrypt/letsencrypt.go @@ -12,6 +12,7 @@ import ( "strings" "time" + "github.com/mholt/caddy/caddy/setup" "github.com/mholt/caddy/middleware" "github.com/mholt/caddy/middleware/redirect" "github.com/mholt/caddy/server" @@ -338,6 +339,9 @@ func autoConfigure(allConfigs []server.Config, cfgIndex int) []server.Config { cfg.TLS.Certificate = storage.SiteCertFile(cfg.Host) cfg.TLS.Key = storage.SiteKeyFile(cfg.Host) cfg.TLS.Enabled = true + // Ensure all defaults are set for the TLS config + setup.SetDefaultTLSParams(cfg) + if cfg.Port == "" { cfg.Port = "https" } diff --git a/caddy/setup/tls.go b/caddy/setup/tls.go index 7519202b5..bef6da9dd 100644 --- a/caddy/setup/tls.go +++ b/caddy/setup/tls.go @@ -6,6 +6,7 @@ import ( "strings" "github.com/mholt/caddy/middleware" + "github.com/mholt/caddy/server" ) func TLS(c *Controller) (middleware.Middleware, error) { @@ -78,6 +79,14 @@ func TLS(c *Controller) (middleware.Middleware, error) { } } + SetDefaultTLSParams(c.Config) + + return nil, nil +} + +// SetDefaultTLSParams sets the default TLS cipher suites, protocol versions and server preferences +// of a server.Config if they were not previously set. +func SetDefaultTLSParams(c *server.Config) { // If no ciphers provided, use all that Caddy supports for the protocol if len(c.TLS.Ciphers) == 0 { c.TLS.Ciphers = supportedCiphers @@ -96,8 +105,6 @@ func TLS(c *Controller) (middleware.Middleware, error) { // Prefer server cipher suites c.TLS.PreferServerCipherSuites = true - - return nil, nil } // Map of supported protocols