diff --git a/caddy/https/https.go b/caddy/https/https.go
index 83e5a52e..f9214f14 100644
--- a/caddy/https/https.go
+++ b/caddy/https/https.go
@@ -404,7 +404,7 @@ const AlternatePort = "5033"
 // KeyType is the type to use for new keys.
 // This shouldn't need to change except for in tests;
 // the size can be drastically reduced for speed.
-var KeyType acme.KeyType
+var KeyType = acme.RSA2048
 
 // stopChan is used to signal the maintenance goroutine
 // to terminate.
diff --git a/caddy/https/setup.go b/caddy/https/setup.go
index ac1f7da3..03d186a7 100644
--- a/caddy/https/setup.go
+++ b/caddy/https/setup.go
@@ -228,10 +228,6 @@ func loadCertsInDir(c *setup.Controller, dir string) error {
 // port to 443 if not already set, TLS is enabled, TLS is manual, and the host
 // does not equal localhost.
 func setDefaultTLSParams(c *server.Config) {
- if KeyType == "" {
- KeyType = acme.RSA2048
- }
-
 // If no ciphers provided, use default list
 if len(c.TLS.Ciphers) == 0 {
 c.TLS.Ciphers = defaultCiphers
diff --git a/caddy/https/setup_test.go b/caddy/https/setup_test.go
index 220cb0bc..f1a07474 100644
--- a/caddy/https/setup_test.go
+++ b/caddy/https/setup_test.go
@@ -55,6 +55,11 @@ func TestSetupParseBasic(t *testing.T) {
 t.Errorf("Expected 'tls1.2 (0x0303)' as ProtocolMaxVersion, got %v", c.TLS.ProtocolMaxVersion)
 }
 
+ // KeyType default
+ if KeyType != acme.RSA2048 {
+ t.Errorf("Expected '2048' as KeyType, got %#v", KeyType)
+ }
+
 // Cipher checks
 expectedCiphers := []uint16{
 tls.TLS_FALLBACK_SCSV,
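Review bot: The doc comment on `KeyType` still does not state the default or that weaker values are meant for tests only, and after this commit nothing corrects a bad value: the `KeyType == ""` fallback in `setDefaultTLSParams` (setup.go hunk) is removed, so an embedder or test that leaves this exported variable empty or lowered now has that value used as-is for new keys. I would extend the comment with `// The default is acme.RSA2048. Anything weaker is for tests only and must be restored afterwards.` How an empty value is handled where the key is actually generated is not visible in this diff, so that should be confirmed there.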
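Review bot: This assertion in `TestSetupParseBasic` reads the package-level `KeyType` rather than anything produced by the setup call, so its result depends on what other tests in the package did to that variable before it ran. The comment in https.go says tests may shrink the key size for speed; if one does so without restoring the value, this check becomes order-dependent and stops being a reliable guard on the default key strength. Consider moving it into its own test and naming the constant in the message, e.g. `t.Errorf("Expected acme.RSA2048 as default KeyType, got %#v", KeyType)`. The test function begins before and continues past this hunk.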