summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMohammed Al Sahaf <msaa1990@gmail.com>2020-02-03 19:25:32 +0300
committerGitHub <noreply@github.com>2020-02-03 09:25:32 -0700
commitf74fed3f544651c1870d285011598d4fef5e205b (patch)
treeadd147017cb2fe54f65d34674e30f6c1f6494fea
parent8b2ad61220f199e7329f218e21a6950bb1ab4c67 (diff)
v2: only compare TLS protocol versions if both are set (#3005)
-rw-r--r--modules/caddytls/connpolicy.go6
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 3e46514..cdc9b9d 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -222,15 +222,15 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
}
// min and max protocol versions
+ if (p.ProtocolMin != "" && p.ProtocolMax != "") && p.ProtocolMin > p.ProtocolMax {
+ return fmt.Errorf("protocol min (%x) cannot be greater than protocol max (%x)", p.ProtocolMin, p.ProtocolMax)
+ }
if p.ProtocolMin != "" {
cfg.MinVersion = SupportedProtocols[p.ProtocolMin]
}
if p.ProtocolMax != "" {
cfg.MaxVersion = SupportedProtocols[p.ProtocolMax]
}
- if p.ProtocolMin > p.ProtocolMax {
- return fmt.Errorf("protocol min (%x) cannot be greater than protocol max (%x)", p.ProtocolMin, p.ProtocolMax)
- }
// client authentication
if p.ClientAuthentication != nil {