th5/_dev/caddy/caddy.patch
2017-09-05 20:29:43 +01:00


diff --git a/caddytls/config.go b/caddytls/config.go
index 91c7451..c3e87d5 100644
--- a/caddytls/config.go
+++ b/caddytls/config.go
@@ -241,6 +241,7 @@ func MakeTLSConfig(configs []*Config) (*tls.Config, error) {
if i > 0 && cfg.PreferServerCipherSuites != configs[i-1].PreferServerCipherSuites {
return nil, fmt.Errorf("cannot both use PreferServerCipherSuites and not use it")
}
+ config.PreferServerCipherSuites = cfg.PreferServerCipherSuites
// Go with the widest range of protocol versions
if cfg.ProtocolMinVersion < config.MinVersion {
@@ -335,7 +336,7 @@ func SetDefaultTLSParams(config *Config) {
config.ProtocolMinVersion = tls.VersionTLS11
}
if config.ProtocolMaxVersion == 0 {
- config.ProtocolMaxVersion = tls.VersionTLS12
+ config.ProtocolMaxVersion = tls.VersionTLS13
}
// Prefer server cipher suites
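Review bot: Raising the default ceiling to `tls.VersionTLS13` in SetDefaultTLSParams turns TLS 1.3 negotiation on for every site that does not set its own protocol range, yet the cipher lists touched later in this patch gain only the TLS 1.2 ChaCha20-Poly1305 suites. Whether a TLS 1.3 handshake can then pick a suite depends on how the patched crypto/tls treats `Config.CipherSuites`, which is not visible here; if it filters TLS 1.3 suites through that list, clients would either fail the handshake or end up on TLS 1.2 with no error at config time. I would state the assumption next to the assignment, e.g. `// TLS 1.3 suites are selected by crypto/tls itself; defaultCiphers only governs <= TLS 1.2 (confirm against the patched library)`, and add a handshake test that pins the negotiated version. The function body continues outside the hunk.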
@@ -357,6 +358,7 @@ var supportedProtocols = map[string]uint16{
"tls1.0": tls.VersionTLS10,
"tls1.1": tls.VersionTLS11,
"tls1.2": tls.VersionTLS12,
+ "tls1.3": tls.VersionTLS13,
}
// Map of supported ciphers, used only for parsing config.
@@ -370,6 +372,8 @@ var supportedProtocols = map[string]uint16{
//
// This map, like any map, is NOT ORDERED. Do not range over this map.
var supportedCiphersMap = map[string]uint16{
+ "ECDHE-ECDSA-CHACHA20-POLY1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ "ECDHE-RSA-CHACHA20-POLY1305": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
"ECDHE-RSA-AES256-GCM-SHA384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
"ECDHE-ECDSA-AES256-GCM-SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
"ECDHE-RSA-AES128-GCM-SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
@@ -391,6 +395,8 @@ var supportedCiphersMap = map[string]uint16{
// Note that TLS_FALLBACK_SCSV is not in this list since it is always
// added manually.
var supportedCiphers = []uint16{
+ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
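Review bot: Placing the two ChaCha20-Poly1305 suites ahead of AES-GCM here, and again in `defaultCiphers` in the next hunk, makes them the server's first choice for every client wherever server preference is enabled, since the first hunk now copies `PreferServerCipherSuites` into the `tls.Config`. If these slices are read in preference order (the comment above `supportedCiphers` is cut off by the hunk, so that is inferred), clients with hardware AES are steered to ChaCha20 even though AES-GCM is usually the faster choice for them. Consider listing the ChaCha20 suites after the AES-GCM ones, or choosing the order at startup from the host's AES support. If the current order is intentional, a comment such as `// ChaCha20-Poly1305 first: preferred on hosts without hardware AES` would record why.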
@@ -407,6 +413,8 @@ var supportedCiphers = []uint16{
// List of all the ciphers we want to use by default
var defaultCiphers = []uint16{
+ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,