From f74fed3f544651c1870d285011598d4fef5e205b Mon Sep 17 00:00:00 2001
From: Mohammed Al Sahaf <msaa1990@gmail.com>
Date: Mon, 3 Feb 2020 19:25:32 +0300
Subject: v2: only compare TLS protocol versions if both are set (#3005)

---
 modules/caddytls/connpolicy.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'modules/caddytls/connpolicy.go')

diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 3e46514..cdc9b9d 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -222,15 +222,15 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
 	}
 
 	// min and max protocol versions
+	if (p.ProtocolMin != "" && p.ProtocolMax != "") && p.ProtocolMin > p.ProtocolMax {
+		return fmt.Errorf("protocol min (%x) cannot be greater than protocol max (%x)", p.ProtocolMin, p.ProtocolMax)
+	}
 	if p.ProtocolMin != "" {
 		cfg.MinVersion = SupportedProtocols[p.ProtocolMin]
 	}
 	if p.ProtocolMax != "" {
 		cfg.MaxVersion = SupportedProtocols[p.ProtocolMax]
 	}
-	if p.ProtocolMin > p.ProtocolMax {
-		return fmt.Errorf("protocol min (%x) cannot be greater than protocol max (%x)", p.ProtocolMin, p.ProtocolMax)
-	}
 
 	// client authentication
 	if p.ClientAuthentication != nil {
-- 
cgit v1.2.3