From 3bc203b8bf30be9ef1695fc64f65732fb2452409 Mon Sep 17 00:00:00 2001
From: Glenn Strauss
Date: Sat, 12 Oct 2024 00:07:12 -0400
Subject: [PATCH] Replace form.config in template conditionals
Instead, prefer to check output.protocols in template conditionals.
---
 src/templates/partials/caddy.hbs | 10 +++++++---
 src/templates/partials/go.hbs | 4 +++-
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/templates/partials/caddy.hbs b/src/templates/partials/caddy.hbs
index f8b236d6..72c45b39 100644
--- a/src/templates/partials/caddy.hbs
+++ b/src/templates/partials/caddy.hbs
@@ -3,7 +3,7 @@
 {{#unless (minver "2.0.0" form.serverVersion)}}
 # note that Caddy version 1 reached end-of-life > 4 years ago back in 2020
 {{else}}
-{{#if (includes "old" form.config)}}
+{{#if (includes "TLSv1.1" output.protocols)}}
 # note that Caddy supports only TLSv1.2 and later
 {{else}}
 # note that Caddy automatically configures safe TLS settings
@@ -15,12 +15,16 @@ example.com {
 tls {
 {{#if output.ciphers.length}}
+ {{#unless (includes "TLSv1.1" output.protocols)}}
+ {{#if (includes "TLSv1.2" output.protocols)}}
 # Due to a lack of DHE support, you -must- use an ECDSA cert to support IE 11 on Windows 7
+ {{/if}}
+ {{/unless}}
 ciphers {{{join output.ciphers " "}}}
 {{/if}}
-{{#if (includes "modern" form.config)}}
+{{#unless (includes "TLSv1.2" output.protocols)}}
 protocols tls1.3
-{{/if}}
+{{/unless}}
 }
 {{#if form.hsts}}
diff --git a/src/templates/partials/go.hbs b/src/templates/partials/go.hbs
index 201ca527..5650ae03 100644
--- a/src/templates/partials/go.hbs
+++ b/src/templates/partials/go.hbs
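Review bot: In the second caddy.hbs hunk, `protocols tls1.3` is now selected by the absence of TLSv1.2 from `output.protocols` rather than by a positive match, so an empty or differently filtered list would also emit a TLS 1.3-only directive. That errs on the strict side, but silently. Testing for the protocol actually being emitted keeps the directive tied to the data, for example by nesting `{{#if (includes "TLSv1.3" output.protocols)}}` around the line inside the new `{{#unless}}`. The same dependency applies to the `includes "TLSv1.1"` test in the first hunk, which stops selecting the "supports only TLSv1.2 and later" note if the list is ever narrowed to what Caddy supports. How `output.protocols` is built is not visible in this patch, so both assumptions are worth confirming against the code that produces it.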
@@ -34,9 +34,11 @@ func main() {
 {{/if}}
 {{#if output.ciphers.length}}
- {{#if (includes "intermediate" form.config)}}
+ {{#unless (includes "TLSv1.1" output.protocols)}}
+ {{#if (includes "TLSv1.2" output.protocols)}}
 // Due to a lack of DHE support, you -must- use an ECDSA cert to support IE 11 on Windows 7
 {{/if}}
+ {{/unless}}
 {{/if}}
 cfg := &tls.Config{
 MinVersion: tls.{{#if (eq output.protocols.[0] "TLSv1")}}VersionTLS10{{else}}{{{replace output.protocols.[0] "TLSv1." "VersionTLS1"}}}{{/if}},
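Review bot: The nested `{{#unless (includes "TLSv1.1" …)}}` / `{{#if (includes "TLSv1.2" …)}}` pair guarding the ECDSA note is an indirect way of saying "TLS 1.2 is the oldest enabled protocol", and nothing in the template says so. The same pair is repeated in the second caddy.hbs hunk, so a later edit could simplify one copy and change which profile shows the certificate advice. A standalone template comment above the pair in both files would document the intent, e.g. `{{!-- shown only when TLSv1.2 is the minimum protocol: no TLSv1.1, and not TLS 1.3-only --}}`. The `MinVersion` context line still derives the floor from `output.protocols.[0]`, so this partial now depends on both the membership and the ordering of that list. The body of `func main()` and the `tls.Config` literal continue outside the hunk.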