Diffstat (limited to 'noquic_aesni.patch')
-rw-r--r-- | noquic_aesni.patch | 41 |
1 files changed, 9 insertions, 32 deletions
diff --git a/noquic_aesni.patch b/noquic_aesni.patch index b0a1b90c3edc..cd246168a22c 100644 --- a/noquic_aesni.patch +++ b/noquic_aesni.patch @@ -1,5 +1,5 @@ diff --git a/caddyhttp/httpserver/server.go b/caddyhttp/httpserver/server.go -index c3fbc66..01b3116 100644 +index 800f921..6b9f690 100644 --- a/caddyhttp/httpserver/server.go +++ b/caddyhttp/httpserver/server.go @@ -32,7 +32,6 @@ import ( @@ -10,7 +10,7 @@ index c3fbc66..01b3116 100644 "github.com/mholt/caddy" "github.com/mholt/caddy/caddyhttp/staticfiles" "github.com/mholt/caddy/caddytls" -@@ -41,7 +40,6 @@ import ( +@@ -42,7 +41,6 @@ import ( // Server is the HTTP server implementation. type Server struct { Server *http.Server @@ -18,7 +18,7 @@ index c3fbc66..01b3116 100644 listener net.Listener listenerMu sync.Mutex sites []*SiteConfig -@@ -104,12 +102,6 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) { +@@ -105,12 +103,6 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) { // if TLS is enabled, make sure we prepare the Server accordingly if s.Server.TLSConfig != nil { @@ -31,7 +31,7 @@ index c3fbc66..01b3116 100644 // wrap the HTTP handler with a handler that does MITM detection tlsh := &tlsHandler{next: s.Server.Handler} s.Server.Handler = tlsh // this needs to be the "outer" handler when Serve() is called, for type assertion -@@ -236,7 +228,6 @@ func makeHTTPServerWithTimeouts(addr string, group []*SiteConfig) *http.Server { +@@ -237,7 +229,6 @@ func makeHTTPServerWithTimeouts(addr string, group []*SiteConfig) *http.Server { func (s *Server) wrapWithSvcHeaders(previousHandler http.Handler) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { 
@@ -39,7 +39,7 @@ index c3fbc66..01b3116 100644 previousHandler.ServeHTTP(w, r) } } -@@ -322,18 +313,11 @@ func (s *Server) Serve(ln net.Listener) error { +@@ -323,18 +314,11 @@ func (s *Server) Serve(ln net.Listener) error { if err == http.ErrServerClosed { err = nil // not an error worth reporting since closing a server is intentional } @@ -59,7 +59,7 @@ index c3fbc66..01b3116 100644 } diff --git a/caddyhttp/proxy/reverseproxy.go b/caddyhttp/proxy/reverseproxy.go -index c528cf4..9f1dff3 100644 +index 4de24ea..a7eb9da 100644 --- a/caddyhttp/proxy/reverseproxy.go +++ b/caddyhttp/proxy/reverseproxy.go @@ -39,8 +39,6 @@ import ( @@ -71,7 +71,7 @@ index c528cf4..9f1dff3 100644 "github.com/mholt/caddy/caddyhttp/httpserver" ) -@@ -246,13 +244,6 @@ func NewSingleHostReverseProxy(target *url.URL, without string, keepalive int, t +@@ -245,13 +243,6 @@ func NewSingleHostReverseProxy(target *url.URL, without string, keepalive int, t rp.Transport = &http.Transport{ Dial: socketDial(target.String(), timeout), } @@ -85,7 +85,7 @@ index c528cf4..9f1dff3 100644 } else if keepalive != http.DefaultMaxIdleConnsPerHost || strings.HasPrefix(target.Scheme, "srv") { dialFunc := rp.dialer.Dial if strings.HasPrefix(target.Scheme, "srv") { -@@ -301,11 +292,6 @@ func (rp *ReverseProxy) UseInsecureTransport() { +@@ -298,11 +289,6 @@ func (rp *ReverseProxy) UseInsecureTransport() { // No http2.ConfigureTransport() here. // For now this is only added in places where // an http.Transport is actually created. @@ -97,7 +97,7 @@ index c528cf4..9f1dff3 100644 } } -@@ -323,10 +309,6 @@ func (rp *ReverseProxy) ServeHTTP(rw http.ResponseWriter, outreq *http.Request, +@@ -316,10 +302,6 @@ func (rp *ReverseProxy) ServeHTTP(rw http.ResponseWriter, outreq *http.Request, rp.Director(outreq) 
@@ -108,26 +108,3 @@ index c528cf4..9f1dff3 100644 res, err := transport.RoundTrip(outreq) if err != nil { return err -diff --git a/caddytls/config.go b/caddytls/config.go -index 80f1633..ae722d8 100644 ---- a/caddytls/config.go -+++ b/caddytls/config.go -@@ -23,7 +23,6 @@ import ( - "net/url" - "strings" - -- "github.com/codahale/aesnicheck" - "github.com/mholt/caddy" - "github.com/xenolf/lego/acmev2" - ) -@@ -648,10 +647,6 @@ var defaultCiphersNonAESNI = []uint16{ - // - // See https://github.com/mholt/caddy/issues/1674 - func getPreferredDefaultCiphers() []uint16 { -- if aesnicheck.HasAESNI() { -- return defaultCiphers -- } -- - // Return a cipher suite that prefers ChaCha20 - return defaultCiphersNonAESNI - } |
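Review bot: The last hunk (`@@ -108,26 +108,3 @@`) drops the whole `caddytls/config.go` section, so the patch no longer strips the `aesnicheck.HasAESNI()` branch from `getPreferredDefaultCiphers`, yet the file is still named `noquic_aesni.patch` and nothing visible here records why. If upstream still carries that branch, the packaged build goes back to choosing between `defaultCiphers` and `defaultCiphersNonAESNI` at run time and again needs `github.com/codahale/aesnicheck` at build time; that is a change in default TLS cipher preference and belongs in the commit message. Text before the first `diff --git` line is ignored when the patch is applied, so a header line such as `Default cipher selection is no longer patched; see upstream getPreferredDefaultCiphers.` would keep name and content in agreement, as would renaming the file. The earlier hunks appear only to refresh index hashes and line offsets and need no comment.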