From f74fed3f544651c1870d285011598d4fef5e205b Mon Sep 17 00:00:00 2001
From: Mohammed Al Sahaf
Date: Mon, 3 Feb 2020 19:25:32 +0300
Subject: v2: only compare TLS protocol versions if both are set (#3005)
---
 modules/caddytls/connpolicy.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'modules')
diff --git a/modules/caddytls/connpolicy.go b/modules/caddytls/connpolicy.go
index 3e46514..cdc9b9d 100644
--- a/modules/caddytls/connpolicy.go
+++ b/modules/caddytls/connpolicy.go
@@ -222,15 +222,15 @@ func (p *ConnectionPolicy) buildStandardTLSConfig(ctx caddy.Context) error {
 }
 // min and max protocol versions
+ if (p.ProtocolMin != "" && p.ProtocolMax != "") && p.ProtocolMin > p.ProtocolMax {
+ return fmt.Errorf("protocol min (%x) cannot be greater than protocol max (%x)", p.ProtocolMin, p.ProtocolMax)
+ }
 if p.ProtocolMin != "" {
 cfg.MinVersion = SupportedProtocols[p.ProtocolMin]
 }
 if p.ProtocolMax != "" {
 cfg.MaxVersion = SupportedProtocols[p.ProtocolMax]
 }
- if p.ProtocolMin > p.ProtocolMax {
- return fmt.Errorf("protocol min (%x) cannot be greater than protocol max (%x)", p.ProtocolMin, p.ProtocolMax)
- }
 // client authentication
 if p.ClientAuthentication != nil {
-- cgit v1.2.3
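Review bot: The moved check `p.ProtocolMin > p.ProtocolMax` orders the configured names as strings (both are compared with `""`), not the TLS versions they resolve to, so it is only correct while the names happen to sort in version order; comparing the looked-up values, `SupportedProtocols[p.ProtocolMin] > SupportedProtocols[p.ProtocolMax]`, states the intent directly. The `%x` verbs in the error message print those names hex-encoded, so `%q` would give an operator something readable. Separately, if SupportedProtocols is a map (it is indexed by name here; its definition is outside the hunk), an unrecognised name yields zero and leaves `cfg.MinVersion` or `cfg.MaxVersion` at the library default without any error, which silently drops the configured floor or ceiling; a comma-ok lookup that returns an error for unknown names would close that, unless validation already happens elsewhere. buildStandardTLSConfig starts and ends outside the hunk.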