Infrastructure/caddy
1
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-16 21:56:40 -05:00
Code Issues Activity

caddytls: Ability to drop connections (close #6294)

Browse source
This commit is contained in:
Matthew Holt 2024-05-06 19:59:42 -06:00
parent 7e2510ef43
commit 8d7ac18402
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
modules/caddytls/connpolicy.go
View file

@ -119,6 +119,9 @@ func (cp ConnectionPolicies) TLSConfig(_ caddy.Context) *tls.Config {
continue policyLoop continue policyLoop
} }
} }
if pol.Drop {
return nil, fmt.Errorf("dropping connection")
}
return pol.TLSConfig, nil return pol.TLSConfig, nil
} }
@ -156,6 +159,9 @@ type ConnectionPolicy struct {
// Maximum TLS protocol version to allow. Default: `tls1.3` // Maximum TLS protocol version to allow. Default: `tls1.3`
ProtocolMax string `json:"protocol_max,omitempty"` ProtocolMax string `json:"protocol_max,omitempty"`
// Reject TLS connections. EXPERIMENTAL: May change.
Drop bool `json:"drop,omitempty"`
// Enables and configures TLS client authentication. // Enables and configures TLS client authentication.
ClientAuthentication *ClientAuthentication `json:"client_authentication,omitempty"` ClientAuthentication *ClientAuthentication `json:"client_authentication,omitempty"`