mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
httpserver: fixes #8641
Changes to the http_server class meant that the TLS settings were not getting applied anymore. This fixes so that the minimum TLS version is 1.2 again.
This commit is contained in:
parent
ad080af38f
commit
0eb297822c
@ -61,7 +61,7 @@ func (hs *HttpServer) Start(ctx context.Context) error {
|
||||
return nil
|
||||
}
|
||||
case setting.HTTPS:
|
||||
err = hs.httpSrv.ListenAndServeTLS(setting.CertFile, setting.KeyFile)
|
||||
err = hs.listenAndServeTLS(setting.CertFile, setting.KeyFile)
|
||||
if err == http.ErrServerClosed {
|
||||
hs.log.Debug("server was shutdown gracefully")
|
||||
return nil
|
||||
@ -92,7 +92,7 @@ func (hs *HttpServer) Shutdown(ctx context.Context) error {
|
||||
return err
|
||||
}
|
||||
|
||||
func (hs *HttpServer) listenAndServeTLS(listenAddr, certfile, keyfile string) error {
|
||||
func (hs *HttpServer) listenAndServeTLS(certfile, keyfile string) error {
|
||||
if certfile == "" {
|
||||
return fmt.Errorf("cert_file cannot be empty when using HTTPS")
|
||||
}
|
||||
@ -127,14 +127,11 @@ func (hs *HttpServer) listenAndServeTLS(listenAddr, certfile, keyfile string) er
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
},
|
||||
}
|
||||
srv := &http.Server{
|
||||
Addr: listenAddr,
|
||||
Handler: hs.macaron,
|
||||
TLSConfig: tlsCfg,
|
||||
TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
|
||||
}
|
||||
|
||||
return srv.ListenAndServeTLS(setting.CertFile, setting.KeyFile)
|
||||
hs.httpSrv.TLSConfig = tlsCfg
|
||||
hs.httpSrv.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0)
|
||||
|
||||
return hs.httpSrv.ListenAndServeTLS(setting.CertFile, setting.KeyFile)
|
||||
}
|
||||
|
||||
func (hs *HttpServer) newMacaron() *macaron.Macaron {
|
||||
|
Loading…
Reference in New Issue
Block a user