	reverseproxy: Add tls_curves option to HTTP transport (#5851)
				
					
				
			This commit is contained in:
		
							parent
							
								
									cc0c0cf03e
								
							
						
					
					
						commit
						f658fd05ac
					
				| @ -1072,6 +1072,16 @@ func (h *HTTPTransport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { | |||||||
| 				} | 				} | ||||||
| 				h.TLS.InsecureSkipVerify = true | 				h.TLS.InsecureSkipVerify = true | ||||||
| 
 | 
 | ||||||
|  | 			case "tls_curves": | ||||||
|  | 				args := d.RemainingArgs() | ||||||
|  | 				if len(args) == 0 { | ||||||
|  | 					return d.ArgErr() | ||||||
|  | 				} | ||||||
|  | 				if h.TLS == nil { | ||||||
|  | 					h.TLS = new(TLSConfig) | ||||||
|  | 				} | ||||||
|  | 				h.TLS.Curves = args | ||||||
|  | 
 | ||||||
| 			case "tls_timeout": | 			case "tls_timeout": | ||||||
| 				if !d.NextArg() { | 				if !d.NextArg() { | ||||||
| 					return d.ArgErr() | 					return d.ArgErr() | ||||||
|  | |||||||
| @ -491,6 +491,10 @@ type TLSConfig struct { | |||||||
| 	// When specified, TLS will automatically be configured on the transport. | 	// When specified, TLS will automatically be configured on the transport. | ||||||
| 	// The value can be a list of any valid tcp port numbers, default empty. | 	// The value can be a list of any valid tcp port numbers, default empty. | ||||||
| 	ExceptPorts []string `json:"except_ports,omitempty"` | 	ExceptPorts []string `json:"except_ports,omitempty"` | ||||||
|  | 
 | ||||||
|  | 	// The list of elliptic curves to support. Caddy's | ||||||
|  | 	// defaults are modern and secure. | ||||||
|  | 	Curves []string `json:"curves,omitempty"` | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| // MakeTLSClientConfig returns a tls.Config usable by a client to a backend. | // MakeTLSClientConfig returns a tls.Config usable by a client to a backend. | ||||||
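Review bot: The doc comment on the new Curves field does not say which names are accepted or that the order is significant, even though the code in the third hunk looks each name up in caddytls.SupportedCurves and appends the result to cfg.CurvePreferences in the order given. A reader of the JSON config has no way to discover either fact from this comment. Suggest `// The list of elliptic curves to support, in order of preference. Names` / `// must be those recognized by caddytls.SupportedCurves. Caddy's defaults` / `// are modern and secure.`. The TLSConfig struct starts outside the hunk.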
| @ -579,6 +583,15 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) { | |||||||
| 	// throw all security out the window | 	// throw all security out the window | ||||||
| 	cfg.InsecureSkipVerify = t.InsecureSkipVerify | 	cfg.InsecureSkipVerify = t.InsecureSkipVerify | ||||||
| 
 | 
 | ||||||
|  | 	curvesAdded := make(map[tls.CurveID]struct{}) | ||||||
|  | 	for _, curveName := range t.Curves { | ||||||
|  | 		curveID := caddytls.SupportedCurves[curveName] | ||||||
|  | 		if _, ok := curvesAdded[curveID]; !ok { | ||||||
|  | 			curvesAdded[curveID] = struct{}{} | ||||||
|  | 			cfg.CurvePreferences = append(cfg.CurvePreferences, curveID) | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
| 	// only return a config if it's not empty | 	// only return a config if it's not empty | ||||||
| 	if reflect.DeepEqual(cfg, new(tls.Config)) { | 	if reflect.DeepEqual(cfg, new(tls.Config)) { | ||||||
| 		return nil, nil | 		return nil, nil | ||||||
|  | |||||||
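Review bot: The lookup `curveID := caddytls.SupportedCurves[curveName]` has no presence check, so a misspelled or unsupported curve name silently yields the zero CurveID, which is then appended to cfg.CurvePreferences; the effect, if any, only surfaces at handshake time, far from the configuration that caused it. Neither this loop nor the `tls_curves` Caddyfile case in the first hunk validates the names, so a bad value is accepted by both the Caddyfile and JSON paths. Returning an error from the loop fixes both paths at once; the rewrite below assumes fmt is already imported in this file for the function's other error returns, otherwise use errors.New with a concatenated message. MakeTLSClientConfig begins and ends outside the hunk.
```go
	// … unchanged: InsecureSkipVerify assignment …
	curvesAdded := make(map[tls.CurveID]struct{})
	for _, curveName := range t.Curves {
		curveID, ok := caddytls.SupportedCurves[curveName]
		if !ok {
			return nil, fmt.Errorf("unsupported curve name: %q", curveName)
		}
		if _, seen := curvesAdded[curveID]; seen {
			continue
		}
		curvesAdded[curveID] = struct{}{}
		cfg.CurvePreferences = append(cfg.CurvePreferences, curveID)
	}
	// … unchanged: empty-config check …
```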