caddyserver / caddy

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
https://caddyserver.com
Apache License 2.0

reverseproxy: add tls_server_cert_sha256 #6329

Open akovalenko opened 1 month ago

akovalenko commented 1 month ago

Unfortunately there are some production setups requiring tls_insecure_skip_verify in reverse_proxy, like old devices with outdated firmware. In many such cases, the devices aren't supposed to regenerate or update their certificates.

This patch adds a tls_server_cert_sha256 directive for reverse_proxy, making MITM impossible even with tls_insecure_skip_verify.
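
The mechanism the PR describes, shown as an added Go example (this is not Caddy's code and not the PR's patch; function names such as pinnedTLSConfig and selfSignedDER are illustrative assumptions). Chain and hostname verification are switched off with InsecureSkipVerify, exactly as in the tls_insecure_skip_verify use case, but a VerifyPeerCertificate callback still receives the raw presented certificates, so the proxy can refuse any peer whose leaf certificate does not hash to the operator-supplied SHA-256 pin. The block also generates a throwaway self-signed certificate so it can demonstrate both the accepting and the rejecting path offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// certSHA256Hex computes the pin an operator would configure: the SHA-256 of
// the certificate's DER encoding, hex-encoded. (Illustrative helper, not Caddy's.)
func certSHA256Hex(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// pinnedCertVerifier returns a tls.Config.VerifyPeerCertificate callback that
// accepts the handshake only if the leaf certificate's SHA-256 matches expectedHex.
// Go calls this callback even when InsecureSkipVerify is true; verifiedChains is
// then nil, which is why only rawCerts is consulted here.
func pinnedCertVerifier(expectedHex string) (func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error, error) {
	expected, err := hex.DecodeString(expectedHex)
	if err != nil || len(expected) != sha256.Size {
		return nil, errors.New("pin must be a 64-character hex SHA-256 digest")
	}
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("server presented no certificate")
		}
		// rawCerts[0] is the leaf; intermediates, if any, are not pinned.
		sum := sha256.Sum256(rawCerts[0])
		if subtle.ConstantTimeCompare(sum[:], expected) != 1 {
			return fmt.Errorf("server certificate SHA-256 %x does not match pinned %s", sum, expectedHex)
		}
		return nil
	}, nil
}

// pinnedTLSConfig builds the client-side config a reverse proxy would use toward
// an upstream whose certificate cannot be validated by normal chain building.
// Note the trade-off: expiry and hostname are no longer checked at all; only the
// exact certificate bytes are, so rotating the upstream cert requires a new pin.
func pinnedTLSConfig(expectedHex string) (*tls.Config, error) {
	verify, err := pinnedCertVerifier(expectedHex)
	if err != nil {
		return nil, err
	}
	return &tls.Config{
		InsecureSkipVerify:    true, // skip chain/hostname checks, as the PR's use case requires
		VerifyPeerCertificate: verify,
		MinVersion:            tls.VersionTLS12,
	}, nil
}

// selfSignedDER makes a constructed, throwaway certificate standing in for an
// old device's firmware certificate, so the example runs without any network.
func selfSignedDER(cn string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	device, _ := selfSignedDER("device.local") // constructed upstream certificate
	imposter, _ := selfSignedDER("device.local") // same name, different key: an on-path attacker's cert
	cfg, err := pinnedTLSConfig(certSHA256Hex(device))
	if err != nil {
		panic(err)
	}
	fmt.Println("pinned device cert accepted:", cfg.VerifyPeerCertificate([][]byte{device}, nil) == nil)
	fmt.Println("imposter cert accepted:     ", cfg.VerifyPeerCertificate([][]byte{imposter}, nil) == nil)
}
```

The pin is over the whole DER certificate, so it changes whenever the device re-issues its certificate, even with the same key; that matches the PR's premise that these devices never regenerate theirs. Pinning the SubjectPublicKeyInfo instead would survive re-issuance but is a different design choice from what the directive name describes.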

CLAassistant commented 1 month ago

CLA assistant check
All committers have signed the CLA.