2015-05-04 11:04:17 -06:00
|
|
|
package setup
|
|
|
|
|
2015-05-05 12:30:24 -07:00
|
|
|
import (
|
2015-05-18 16:38:21 -03:00
|
|
|
"crypto/tls"
|
2015-10-16 11:47:13 -06:00
|
|
|
"log"
|
2015-05-18 16:38:21 -03:00
|
|
|
"strings"
|
|
|
|
|
|
|
|
"github.com/mholt/caddy/middleware"
|
2015-05-05 12:30:24 -07:00
|
|
|
)
|
2015-05-04 11:04:17 -06:00
|
|
|
|
|
|
|
func TLS(c *Controller) (middleware.Middleware, error) {
|
2015-10-16 11:38:56 -06:00
|
|
|
if c.Port != "http" {
|
|
|
|
c.TLS.Enabled = true
|
2015-10-16 23:30:00 -06:00
|
|
|
} else {
|
2015-10-16 11:47:13 -06:00
|
|
|
log.Printf("Warning: TLS disabled for %s://%s. To force TLS over the plaintext HTTP port, "+
|
|
|
|
"specify port 80 explicitly (https://%s:80).", c.Port, c.Host, c.Host)
|
|
|
|
}
|
|
|
|
|
2015-05-04 11:04:17 -06:00
|
|
|
for c.Next() {
|
2015-10-16 11:38:56 -06:00
|
|
|
args := c.RemainingArgs()
|
|
|
|
switch len(args) {
|
|
|
|
case 1:
|
|
|
|
c.TLS.LetsEncryptEmail = args[0]
|
|
|
|
case 2:
|
|
|
|
c.TLS.Certificate = args[0]
|
|
|
|
c.TLS.Key = args[1]
|
|
|
|
default:
|
2015-05-04 11:04:17 -06:00
|
|
|
return nil, c.ArgErr()
|
|
|
|
}
|
2015-05-18 16:38:21 -03:00
|
|
|
|
|
|
|
// Optional block
|
|
|
|
for c.NextBlock() {
|
|
|
|
switch c.Val() {
|
|
|
|
case "protocols":
|
|
|
|
args := c.RemainingArgs()
|
|
|
|
if len(args) != 2 {
|
|
|
|
return nil, c.ArgErr()
|
|
|
|
}
|
|
|
|
value, ok := supportedProtocols[strings.ToLower(args[0])]
|
|
|
|
if !ok {
|
2015-05-18 23:27:35 -03:00
|
|
|
return nil, c.Errf("Wrong protocol name or protocol not supported '%s'", c.Val())
|
2015-05-18 16:38:21 -03:00
|
|
|
}
|
|
|
|
c.TLS.ProtocolMinVersion = value
|
|
|
|
value, ok = supportedProtocols[strings.ToLower(args[1])]
|
|
|
|
if !ok {
|
2015-05-18 23:27:35 -03:00
|
|
|
return nil, c.Errf("Wrong protocol name or protocol not supported '%s'", c.Val())
|
2015-05-18 16:38:21 -03:00
|
|
|
}
|
|
|
|
c.TLS.ProtocolMaxVersion = value
|
|
|
|
case "ciphers":
|
|
|
|
for c.NextArg() {
|
2015-05-21 10:37:39 -06:00
|
|
|
value, ok := supportedCiphersMap[strings.ToUpper(c.Val())]
|
2015-05-18 16:38:21 -03:00
|
|
|
if !ok {
|
2015-05-18 23:27:35 -03:00
|
|
|
return nil, c.Errf("Wrong cipher name or cipher not supported '%s'", c.Val())
|
2015-05-18 16:38:21 -03:00
|
|
|
}
|
|
|
|
c.TLS.Ciphers = append(c.TLS.Ciphers, value)
|
|
|
|
}
|
2015-06-01 23:22:11 -06:00
|
|
|
case "clients":
|
|
|
|
c.TLS.ClientCerts = c.RemainingArgs()
|
|
|
|
if len(c.TLS.ClientCerts) == 0 {
|
|
|
|
return nil, c.ArgErr()
|
|
|
|
}
|
2015-05-18 16:38:21 -03:00
|
|
|
default:
|
2015-06-02 07:42:38 -06:00
|
|
|
return nil, c.Errf("Unknown keyword '%s'", c.Val())
|
2015-05-18 16:38:21 -03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-05-21 00:06:53 -06:00
|
|
|
// If no ciphers provided, use all that Caddy supports for the protocol
|
2015-05-18 16:38:21 -03:00
|
|
|
if len(c.TLS.Ciphers) == 0 {
|
2015-05-21 10:37:39 -06:00
|
|
|
c.TLS.Ciphers = supportedCiphers
|
2015-05-18 16:38:21 -03:00
|
|
|
}
|
|
|
|
|
2015-05-21 10:37:39 -06:00
|
|
|
// Not a cipher suite, but still important for mitigating protocol downgrade attacks
|
|
|
|
c.TLS.Ciphers = append(c.TLS.Ciphers, tls.TLS_FALLBACK_SCSV)
|
|
|
|
|
|
|
|
// Set default protocol min and max versions - must balance compatibility and security
|
2015-05-18 16:38:21 -03:00
|
|
|
if c.TLS.ProtocolMinVersion == 0 {
|
2015-05-21 10:37:39 -06:00
|
|
|
c.TLS.ProtocolMinVersion = tls.VersionTLS10
|
2015-05-18 16:38:21 -03:00
|
|
|
}
|
|
|
|
if c.TLS.ProtocolMaxVersion == 0 {
|
|
|
|
c.TLS.ProtocolMaxVersion = tls.VersionTLS12
|
|
|
|
}
|
|
|
|
|
2015-05-21 10:37:39 -06:00
|
|
|
// Prefer server cipher suites
|
|
|
|
c.TLS.PreferServerCipherSuites = true
|
|
|
|
|
2015-05-04 11:04:17 -06:00
|
|
|
return nil, nil
|
|
|
|
}
|
2015-05-21 00:06:53 -06:00
|
|
|
|
|
|
|
// Map of supported protocols
|
2015-05-25 15:39:04 -06:00
|
|
|
// SSLv3 will be not supported in future release
|
2015-05-21 00:06:53 -06:00
|
|
|
// HTTP/2 only supports TLS 1.2 and higher
|
|
|
|
var supportedProtocols = map[string]uint16{
|
|
|
|
"ssl3.0": tls.VersionSSL30,
|
|
|
|
"tls1.0": tls.VersionTLS10,
|
|
|
|
"tls1.1": tls.VersionTLS11,
|
|
|
|
"tls1.2": tls.VersionTLS12,
|
|
|
|
}
|
|
|
|
|
2015-05-21 10:37:39 -06:00
|
|
|
// Map of supported ciphers, used only for parsing config.
|
2015-05-21 00:06:53 -06:00
|
|
|
//
|
|
|
|
// Note that, at time of writing, HTTP/2 blacklists 276 cipher suites,
|
|
|
|
// including all but two of the suites below (the two GCM suites).
|
2015-05-21 10:37:39 -06:00
|
|
|
// See https://http2.github.io/http2-spec/#BadCipherSuites
|
|
|
|
//
|
|
|
|
// TLS_FALLBACK_SCSV is not in this list because we manually ensure
|
|
|
|
// it is always added (even though it is not technically a cipher suite).
|
|
|
|
//
|
|
|
|
// This map, like any map, is NOT ORDERED. Do not range over this map.
|
|
|
|
var supportedCiphersMap = map[string]uint16{
|
2015-05-21 00:06:53 -06:00
|
|
|
"ECDHE-RSA-AES128-GCM-SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
"ECDHE-ECDSA-AES128-GCM-SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
"ECDHE-RSA-AES128-CBC-SHA": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
|
|
|
"ECDHE-RSA-AES256-CBC-SHA": tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
|
"ECDHE-ECDSA-AES256-CBC-SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
|
|
|
"ECDHE-ECDSA-AES128-CBC-SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
|
|
|
"RSA-AES128-CBC-SHA": tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
|
|
|
"RSA-AES256-CBC-SHA": tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
|
|
|
"ECDHE-RSA-3DES-EDE-CBC-SHA": tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
|
"RSA-3DES-EDE-CBC-SHA": tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
|
}
|
|
|
|
|
2015-05-21 10:37:39 -06:00
|
|
|
// List of supported cipher suites in descending order of preference.
|
|
|
|
// Ordering is very important! Getting the wrong order will break
|
|
|
|
// mainstream clients, especially with HTTP/2.
|
|
|
|
//
|
|
|
|
// Note that TLS_FALLBACK_SCSV is not in this list since it is always
|
|
|
|
// added manually.
|
|
|
|
var supportedCiphers = []uint16{
|
|
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
|
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
|
|
|
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
|
|
|
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
|
|
|
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
|
|
|
tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
|
|
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
2015-05-21 00:06:53 -06:00
|
|
|
}
|