Fix regression: Ensure TLS defaults are added by LE handlers.

2024-12-23 22:27:38 -05:00 · 2015-11-04 23:53:03 +01:00 · 2015-11-04 23:53:03 +01:00 · 6fdc83faeb
commit 6fdc83faeb
parent d36685acdd
2 changed files with 13 additions and 2 deletions
--- a/caddy/letsencrypt/letsencrypt.go
+++ b/caddy/letsencrypt/letsencrypt.go
@ -12,6 +12,7 @@ import (
 	"strings"
 	"time"

+	"github.com/mholt/caddy/caddy/setup"
 	"github.com/mholt/caddy/middleware"
 	"github.com/mholt/caddy/middleware/redirect"
 	"github.com/mholt/caddy/server"
@ -338,6 +339,9 @@ func autoConfigure(allConfigs []server.Config, cfgIndex int) []server.Config {
 	cfg.TLS.Certificate = storage.SiteCertFile(cfg.Host)
 	cfg.TLS.Key = storage.SiteKeyFile(cfg.Host)
 	cfg.TLS.Enabled = true
+	// Ensure all defaults are set for the TLS config
+	setup.SetDefaultTLSParams(cfg)
+
 	if cfg.Port == "" {
 		cfg.Port = "https"
 	}
--- a/caddy/setup/tls.go
+++ b/caddy/setup/tls.go
@ -6,6 +6,7 @@ import (
 	"strings"

 	"github.com/mholt/caddy/middleware"
+	"github.com/mholt/caddy/server"
 )

 func TLS(c *Controller) (middleware.Middleware, error) {
@ -78,6 +79,14 @@ func TLS(c *Controller) (middleware.Middleware, error) {
 		}
 	}

+	SetDefaultTLSParams(c.Config)
+
+	return nil, nil
+}
+
+// SetDefaultTLSParams sets the default TLS cipher suites, protocol versions and server preferences
+// of a server.Config if they were not previously set.
+func SetDefaultTLSParams(c *server.Config) {
 	// If no ciphers provided, use all that Caddy supports for the protocol
 	if len(c.TLS.Ciphers) == 0 {
 		c.TLS.Ciphers = supportedCiphers
@ -96,8 +105,6 @@ func TLS(c *Controller) (middleware.Middleware, error) {

 	// Prefer server cipher suites
 	c.TLS.PreferServerCipherSuites = true
-
-	return nil, nil
 }

 // Map of supported protocols