From 859a93d2962d042226f5296c5c05059f730dacd0 Mon Sep 17 00:00:00 2001
From: Eldin Hadzic <eldin@hadzic.co>
Date: Mon, 4 Apr 2016 23:59:40 +0000
Subject: [PATCH] Fix for #721

---
 caddy/https/https.go      | 2 +-
 caddy/https/setup.go      | 4 ----
 caddy/https/setup_test.go | 5 +++++
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/caddy/https/https.go b/caddy/https/https.go
index 83e5a52e..f9214f14 100644
--- a/caddy/https/https.go
+++ b/caddy/https/https.go
@@ -404,7 +404,7 @@ const AlternatePort = "5033"
 // KeyType is the type to use for new keys.
 // This shouldn't need to change except for in tests;
 // the size can be drastically reduced for speed.
-var KeyType acme.KeyType
+var KeyType = acme.RSA2048
 
 // stopChan is used to signal the maintenance goroutine
 // to terminate.
diff --git a/caddy/https/setup.go b/caddy/https/setup.go
index ac1f7da3..03d186a7 100644
--- a/caddy/https/setup.go
+++ b/caddy/https/setup.go
@@ -228,10 +228,6 @@ func loadCertsInDir(c *setup.Controller, dir string) error {
 // port to 443 if not already set, TLS is enabled, TLS is manual, and the host
 // does not equal localhost.
 func setDefaultTLSParams(c *server.Config) {
-	if KeyType == "" {
-		KeyType = acme.RSA2048
-	}
-
 	// If no ciphers provided, use default list
 	if len(c.TLS.Ciphers) == 0 {
 		c.TLS.Ciphers = defaultCiphers
diff --git a/caddy/https/setup_test.go b/caddy/https/setup_test.go
index 220cb0bc..f1a07474 100644
--- a/caddy/https/setup_test.go
+++ b/caddy/https/setup_test.go
@@ -55,6 +55,11 @@ func TestSetupParseBasic(t *testing.T) {
 		t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMaxVersion, got %v", c.TLS.ProtocolMaxVersion)
 	}
 
+	// KeyType default
+	if KeyType != acme.RSA2048 {
+		t.Errorf("Expected '2048' as KeyType, got %#v", KeyType)
+	}
+
 	// Cipher checks
 	expectedCiphers := []uint16{
 		tls.TLS_FALLBACK_SCSV,