Replace form.config in template conditionals

Instead, prefer to check output.protocols in template conditionals.
mozilla · Oct 12, 2024 · 3bc203b · 3bc203b
1 parent ea1349d
commit 3bc203b
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/src/templates/partials/caddy.hbs b/src/templates/partials/caddy.hbs
@@ -3,7 +3,7 @@
 {{#unless (minver "2.0.0" form.serverVersion)}}
 # note that Caddy version 1 reached end-of-life > 4 years ago back in 2020
 {{else}}
-{{#if (includes "old" form.config)}}
+{{#if (includes "TLSv1.1" output.protocols)}}
 # note that Caddy supports only TLSv1.2 and later
 {{else}}
 # note that Caddy automatically configures safe TLS settings
@@ -15,12 +15,16 @@ example.com {
 
   tls {
 {{#if output.ciphers.length}}
+  {{#unless (includes "TLSv1.1" output.protocols)}}
+  {{#if (includes "TLSv1.2" output.protocols)}}
     # Due to a lack of DHE support, you -must- use an ECDSA cert to support IE 11 on Windows 7
+  {{/if}}
+  {{/unless}}
     ciphers {{{join output.ciphers " "}}}
 {{/if}}
-{{#if (includes "modern" form.config)}}
+{{#unless (includes "TLSv1.2" output.protocols)}}
     protocols tls1.3
-{{/if}}
+{{/unless}}
   }
 {{#if form.hsts}}
 

diff --git a/src/templates/partials/go.hbs b/src/templates/partials/go.hbs
@@ -34,9 +34,11 @@ func main() {
 {{/if}}
 
 {{#if output.ciphers.length}}
-  {{#if (includes "intermediate" form.config)}}
+  {{#unless (includes "TLSv1.1" output.protocols)}}
+  {{#if (includes "TLSv1.2" output.protocols)}}
     // Due to a lack of DHE support, you -must- use an ECDSA cert to support IE 11 on Windows 7
   {{/if}}
+  {{/unless}}
 {{/if}}
     cfg := &tls.Config{
         MinVersion: tls.{{#if (eq output.protocols.[0] "TLSv1")}}VersionTLS10{{else}}{{{replace output.protocols.[0] "TLSv1." "VersionTLS1"}}}{{/if}},