diff --git a/caddyhttp/httpserver/server.go b/caddyhttp/httpserver/server.go
index c3fbc66..01b3116 100644
--- a/caddyhttp/httpserver/server.go
+++ b/caddyhttp/httpserver/server.go
@@ -32,7 +32,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/lucas-clemente/quic-go/h2quic"
 	"github.com/mholt/caddy"
 	"github.com/mholt/caddy/caddyhttp/staticfiles"
 	"github.com/mholt/caddy/caddytls"
@@ -41,7 +40,6 @@ import (
 // Server is the HTTP server implementation.
 type Server struct {
 	Server      *http.Server
-	quicServer  *h2quic.Server
 	listener    net.Listener
 	listenerMu  sync.Mutex
 	sites       []*SiteConfig
@@ -104,12 +102,6 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) {
 
 	// if TLS is enabled, make sure we prepare the Server accordingly
 	if s.Server.TLSConfig != nil {
-		// enable QUIC if desired (requires HTTP/2)
-		if HTTP2 && QUIC {
-			s.quicServer = &h2quic.Server{Server: s.Server}
-			s.Server.Handler = s.wrapWithSvcHeaders(s.Server.Handler)
-		}
-
 		// wrap the HTTP handler with a handler that does MITM detection
 		tlsh := &tlsHandler{next: s.Server.Handler}
 		s.Server.Handler = tlsh // this needs to be the "outer" handler when Serve() is called, for type assertion
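Review bot: Removing the `HTTP2 && QUIC` branch leaves the `QUIC` package variable referenced nowhere in this hunk, so if that variable and the command-line flag that sets it survive elsewhere in the package (not visible here), enabling QUIC becomes a silent no-op rather than an error. A user who keeps `-quic` in a service unit would believe QUIC is on when only TCP listeners exist. Consider either dropping the flag in the same patch or failing fast where the flag is parsed, e.g. `if QUIC { return nil, fmt.Errorf("QUIC support is not compiled into this build") }` at the top of NewServer, whose body extends beyond this hunk.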
@@ -236,7 +228,6 @@ func makeHTTPServerWithTimeouts(addr string, group []*SiteConfig) *http.Server {
 
 func (s *Server) wrapWithSvcHeaders(previousHandler http.Handler) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		s.quicServer.SetQuicHeaders(w.Header())
 		previousHandler.ServeHTTP(w, r)
 	}
 }
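Review bot: After dropping the `SetQuicHeaders` call, `wrapWithSvcHeaders` is an identity wrapper whose name promises headers it no longer sets, and its only caller in NewServer was removed in the previous hunk, so it appears to be dead code. Leaving it invites a future reader to assume Alt-Svc advertisement still happens. Delete the method, or if it must stay for API reasons, replace its doc comment with `// wrapWithSvcHeaders is a no-op passthrough; QUIC Alt-Svc headers are not emitted in this build.`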
@@ -322,18 +313,11 @@ func (s *Server) Serve(ln net.Listener) error {
 	if err == http.ErrServerClosed {
 		err = nil // not an error worth reporting since closing a server is intentional
 	}
-	if s.quicServer != nil {
-		s.quicServer.Close()
-	}
 	return err
 }
 
 // ServePacket serves QUIC requests on pc until it is closed.
 func (s *Server) ServePacket(pc net.PacketConn) error {
-	if s.quicServer != nil {
-		err := s.quicServer.Serve(pc.(*net.UDPConn))
-		return fmt.Errorf("serving QUIC connections: %v", err)
-	}
 	return nil
 }
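Review bot: `ServePacket` now returns nil immediately while its doc comment on the line above still says it serves QUIC requests on pc until it is closed, so a caller that passes a bound UDP socket gets a success result and a listener that is never read from. Returning an explicit error is safer than a silent no-op: `return fmt.Errorf("QUIC is not supported in this build")` and update the comment to say so. Also check that `fmt` is still used elsewhere in server.go now that the only `fmt.Errorf` in this hunk is gone; if not, the file will fail to compile with an unused import.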
 
diff --git a/caddyhttp/proxy/reverseproxy.go b/caddyhttp/proxy/reverseproxy.go
index c528cf4..9f1dff3 100644
--- a/caddyhttp/proxy/reverseproxy.go
+++ b/caddyhttp/proxy/reverseproxy.go
@@ -39,8 +39,6 @@ import (
 
 	"golang.org/x/net/http2"
 
-	"github.com/lucas-clemente/quic-go"
-	"github.com/lucas-clemente/quic-go/h2quic"
 	"github.com/mholt/caddy/caddyhttp/httpserver"
 )
 
@@ -246,13 +244,6 @@ func NewSingleHostReverseProxy(target *url.URL, without string, keepalive int, t
 		rp.Transport = &http.Transport{
 			Dial: socketDial(target.String(), timeout),
 		}
-	} else if target.Scheme == "quic" {
-		rp.Transport = &h2quic.RoundTripper{
-			QuicConfig: &quic.Config{
-				HandshakeTimeout: defaultCryptoHandshakeTimeout,
-				KeepAlive:        true,
-			},
-		}
 	} else if keepalive != http.DefaultMaxIdleConnsPerHost || strings.HasPrefix(target.Scheme, "srv") {
 		dialFunc := rp.dialer.Dial
 		if strings.HasPrefix(target.Scheme, "srv") {
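Review bot: With the `target.Scheme == "quic"` branch gone, a `quic://` upstream is no longer recognised in NewSingleHostReverseProxy, but nothing here rejects it either; it falls through to the keepalive/default transport, and because the later hunk in ServeHTTP also stops rewriting the scheme to https, the request will reach `transport.RoundTrip` with an unsupported scheme and fail per request at runtime. A configuration that was valid before this patch should be rejected at startup instead. NewSingleHostReverseProxy appears to return only `*ReverseProxy` (its signature is cut off in the hunk), so the cleanest place is likely upstream parsing outside this diff; otherwise at minimum add `// quic:// upstreams are not supported in this build; they will fail at RoundTrip` above the `else if keepalive` branch so the behaviour is documented.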
@@ -301,11 +292,6 @@ func (rp *ReverseProxy) UseInsecureTransport() {
 		// No http2.ConfigureTransport() here.
 		// For now this is only added in places where
 		// an http.Transport is actually created.
-	} else if transport, ok := rp.Transport.(*h2quic.RoundTripper); ok {
-		if transport.TLSClientConfig == nil {
-			transport.TLSClientConfig = &tls.Config{}
-		}
-		transport.TLSClientConfig.InsecureSkipVerify = true
 	}
 }
 
@@ -323,10 +309,6 @@ func (rp *ReverseProxy) ServeHTTP(rw http.ResponseWriter, outreq *http.Request,
 
 	rp.Director(outreq)
 
-	if outreq.URL.Scheme == "quic" {
-		outreq.URL.Scheme = "https" // Change scheme back to https for QUIC RoundTripper
-	}
-
 	res, err := transport.RoundTrip(outreq)
 	if err != nil {
 		return err
diff --git a/caddytls/config.go b/caddytls/config.go
index 80f1633..ae722d8 100644
--- a/caddytls/config.go
+++ b/caddytls/config.go
@@ -23,7 +23,6 @@ import (
 	"net/url"
 	"strings"
 
-	"github.com/codahale/aesnicheck"
 	"github.com/mholt/caddy"
 	"github.com/xenolf/lego/acmev2"
 )
@@ -648,10 +647,6 @@ var defaultCiphersNonAESNI = []uint16{
 //
 // See https://github.com/mholt/caddy/issues/1674
 func getPreferredDefaultCiphers() []uint16 {
-	if aesnicheck.HasAESNI() {
-		return defaultCiphers
-	}
-
 	// Return a cipher suite that prefers ChaCha20
 	return defaultCiphersNonAESNI
 }
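Review bot: `getPreferredDefaultCiphers` now unconditionally returns `defaultCiphersNonAESNI`, but the doc comment above it (partly outside the hunk, ending at the issue #1674 link) still describes an AES-NI-dependent choice, and `defaultCiphers` seems to become an unreferenced package-level variable. Functionally this means hosts with AES acceleration will be offered ChaCha20 first; that is not a security regression, since both suites are constant-time, but it is a measurable throughput change on such hardware and should be stated rather than implied. Suggested replacement for the comment: `// getPreferredDefaultCiphers returns the ChaCha20-first suite list unconditionally; the AES-NI runtime check was dropped together with the aesnicheck dependency, so hardware capability is not consulted here.` If the build targets a Go version whose crypto/tls applies its own hardware-aware ordering, note that in the comment too, as it may make the distinction moot.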