reverseproxy: Add tls_curves option to HTTP transport #5851

Merged
merged 1 commit into from
Jan 13, 2024

Contributor

@bwesterb bwesterb commented Oct 2, 2023

Example Caddyfile

localhost {
    reverse_proxy https://example.com {
        transport http {
            tls_curves secp521r1
        }
    }
}

Long term goal is to be able to configure post-quantum for Caddy -> upstream.

@CLAassistant
CLAassistant commented Oct 2, 2023

CLA assistant check
All committers have signed the CLA.

@francislavoie francislavoie changed the title from "reverse_proxy http Add tls_curves directive" to "reverseproxy: Add tls_curves option to HTTP transport" Oct 3, 2023
@francislavoie francislavoie added the feature ⚙️ New feature or request label Oct 3, 2023
@bwesterb bwesterb force-pushed the reverse-proxy-curves branch from a98846c to 730ffe8 Compare October 3, 2023 00:50
@mholt mholt added this to the 2.9.0 milestone Oct 3, 2023
Member

@mholt mholt left a comment

Thank you for this. I noticed it doesn't reject unknown curve names, but maybe that's OK for a niche feature for now. I don't think it will break anything at least.

Since this is a new feature, it will have to wait until 2.9 but we can at least merge it in whenever you're ready.

Did you want to add an error if there's an unrecognized input?

@bwesterb
Contributor Author

bwesterb commented Oct 3, 2023

> Thank you for this. I noticed it doesn't reject unknown curve names, but maybe that's OK for a niche feature for now. I don't think it will break anything at least.

I'm mimicking the behaviour of tls.curve which also doesn't reject unknown curve names.

I can add an error for both if you like?

@francislavoie francislavoie modified the milestones: v2.9.0, v2.8.0 Jan 13, 2024
@francislavoie francislavoie enabled auto-merge (squash) January 13, 2024 20:49
@francislavoie francislavoie merged commit f658fd0 into caddyserver:master Jan 13, 2024
25 checks passed
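
One way to implement the rejection of unknown curve names raised in the review, as an added example that is not part of this PR or of Caddy's code. The helper `parseCurves`, the `knownCurves` table and every name in it other than `secp521r1` are assumptions for illustration, and the misspelled `secp512r1` is a constructed input.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// knownCurves maps config names to crypto/tls IDs. Assumption: only
// "secp521r1" appears in the PR; the other names are illustrative.
var knownCurves = map[string]tls.CurveID{
	"x25519":    tls.X25519,
	"secp256r1": tls.CurveP256,
	"secp384r1": tls.CurveP384,
	"secp521r1": tls.CurveP521,
}

// parseCurves (hypothetical helper) resolves names in preference order and
// fails on any unrecognized name instead of skipping it. Duplicates collapse.
func parseCurves(names []string) ([]tls.CurveID, error) {
	var ids []tls.CurveID
	var unknown []string
	seen := map[tls.CurveID]bool{}
	for _, name := range names {
		id, ok := knownCurves[strings.ToLower(strings.TrimSpace(name))]
		switch {
		case !ok:
			unknown = append(unknown, name)
		case !seen[id]:
			seen[id] = true
			ids = append(ids, id)
		}
	}
	if len(unknown) > 0 {
		return nil, fmt.Errorf("unrecognized TLS curve name(s): %q", unknown)
	}
	return ids, nil // nil means crypto/tls uses its default curve preferences
}

func main() {
	for _, in := range [][]string{{"secp521r1"}, {"secp521r1", "secp512r1"}} {
		ids, err := parseCurves(in)
		if err != nil {
			fmt.Println("config rejected:", err)
			continue
		}
		cfg := &tls.Config{CurvePreferences: ids}
		fmt.Println("upstream curve preferences:", cfg.CurvePreferences)
	}
}
```

Failing at configuration load surfaces a misspelled curve name to the operator instead of leaving the upstream connection with a curve list other than the one intended.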