From 2b33d9a5e5d1bd12d27bea2cfe8341fd1e5703b2 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 28 Dec 2019 23:56:08 -0700 Subject: http: Enable TLS for servers listening only on HTTPS port It seems silly to have to add a single, empty TLS connection policy to a server to enable TLS when it's only listening on the HTTPS port. We now do this for the user as part of automatic HTTPS (thus, it can be disabled / overridden). See https://caddy.community/t/v2-catch-all-server-with-automatic-tls/6692/2?u=matt --- modules/caddytls/connpolicy.go | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/caddytls/connpolicy.go') diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go index 6ce6b9e..658adb9 100644 --- a/modules/caddytls/connpolicy.go +++ b/modules/caddytls/connpolicy.go @@ -106,6 +106,7 @@ func (cp ConnectionPolicies) TLSConfig(ctx caddy.Context) (*tls.Config, error) { } // ConnectionPolicy specifies the logic for handling a TLS handshake. +// An empty policy is valid; safe and sensible defaults will be used. type ConnectionPolicy struct { // How to match this policy with a TLS ClientHello. If // this policy is the first to match, it will be used. -- cgit v1.2.3