Fix #2502: tls self_signed not working correctly #2531

Open: wants to merge 2 commits into base: master

@abiosoft
Collaborator

commented Mar 19, 2019

Fixes #2502: tls self_signed not working correctly.

Having compared the code changes with older Caddy versions, I am not sure exactly what changed.
However, I think this is supposed to be the expected behaviour.

Previously #2511.

abiosoft added some commits Mar 9, 2019

@thattomperson

commented Mar 19, 2019

From godoc.org/crypto/tls

TLS 1.3 is available only on an opt-in basis in Go 1.12. To enable it, set the GODEBUG environment variable (comma-separated key=value options) such that it includes "tls13=1". To enable it from within the process, set the environment variable before any use of TLS:

And it looks like Appveyor is using golang v1.11

@elcore

Collaborator

commented Mar 19, 2019

@thattomperson

TLS 1.3 is available only on an opt-in basis in Go 1.12. To enable it, set the GODEBUG environment variable (comma-separated key=value options) such that it includes "tls13=1". To enable it from within the process, set the environment variable before any use of TLS

Caddy does that for you

caddy/caddytls/setup.go

Lines 37 to 39 in 72d0deb

// opt-in TLS 1.3 for Go1.12
// TODO: remove this line when Go1.13 is released.
os.Setenv("GODEBUG", os.Getenv("GODEBUG")+",tls13=1")

And it looks like Appveyor is using golang v1.11

We know, we are waiting for an update...
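
Added example, not Caddy's code and not part of the thread: a variant of the Go 1.12 opt-in quoted above that merges `tls13=1` into the comma-separated `GODEBUG` value without a leading comma or duplicates. The names `mergeTLS13` and `enableTLS13`, and the policy of leaving an explicit `tls13=...` setting untouched, are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// mergeTLS13 returns a GODEBUG value that includes "tls13=1" while keeping
// every option already present. If any tls13=... option is already set, the
// input is returned unchanged (assumed policy: an explicit operator choice,
// including tls13=0, is respected).
func mergeTLS13(existing string) string {
	var opts []string
	for _, opt := range strings.Split(existing, ",") {
		opt = strings.TrimSpace(opt)
		if opt == "" {
			continue // drop empty fields, e.g. from a leading comma
		}
		if strings.HasPrefix(opt, "tls13=") {
			return existing // already configured; do not override
		}
		opts = append(opts, opt)
	}
	return strings.Join(append(opts, "tls13=1"), ",")
}

// enableTLS13 updates the process environment. Per the quoted godoc text,
// it has to run before any use of TLS in the process.
func enableTLS13() error {
	return os.Setenv("GODEBUG", mergeTLS13(os.Getenv("GODEBUG")))
}

func main() {
	if err := enableTLS13(); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("GODEBUG =", os.Getenv("GODEBUG"))
}
```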

@mholt
Owner

left a comment

I do not think this is the right approach... if the hostname is empty (e.g. "catch-all" address like :2015), we need to serve for ALL addresses, not just local ones.
