diff --git a/internal/reader/fetcher/request_builder.go b/internal/reader/fetcher/request_builder.go index c93c460b..06c1bf24 100644 --- a/internal/reader/fetcher/request_builder.go +++ b/internal/reader/fetcher/request_builder.go @@ -11,6 +11,7 @@ import ( "net" "net/http" "net/url" + "slices" "time" "miniflux.app/v2/internal/proxyrotator" @@ -124,38 +125,29 @@ func (r *RequestBuilder) IgnoreTLSErrors(value bool) *RequestBuilder { } func (r *RequestBuilder) ExecuteRequest(requestURL string) (*http.Response, error) { - // We get the safe ciphers - ciphers := tls.CipherSuites() - if r.ignoreTLSErrors { - // and the insecure ones if we are ignoring TLS errors. This allows to connect to badly configured servers anyway - ciphers = append(ciphers, tls.InsecureCipherSuites()...) - } - cipherSuites := make([]uint16, 0, len(ciphers)) - for _, cipher := range ciphers { - cipherSuites = append(cipherSuites, cipher.ID) - } transport := &http.Transport{ Proxy: http.ProxyFromEnvironment, // Setting `DialContext` disables HTTP/2, this option forces the transport to try HTTP/2 regardless. ForceAttemptHTTP2: true, DialContext: (&net.Dialer{ - // Default is 30s. - Timeout: 10 * time.Second, - - // Default is 30s. - KeepAlive: 15 * time.Second, + Timeout: 10 * time.Second, // Default is 30s. + KeepAlive: 15 * time.Second, // Default is 30s. }).DialContext, + MaxIdleConns: 50, // Default is 100. + IdleConnTimeout: 10 * time.Second, // Default is 90s. + } - // Default is 100. - MaxIdleConns: 50, - - // Default is 90s. - IdleConnTimeout: 10 * time.Second, - - TLSClientConfig: &tls.Config{ + if r.ignoreTLSErrors { + // Add insecure ciphers if we are ignoring TLS errors. This allows to connect to badly configured servers anyway + ciphers := slices.Concat(tls.CipherSuites(), tls.InsecureCipherSuites()) + cipherSuites := make([]uint16, 0, len(ciphers)) + for _, cipher := range ciphers { + cipherSuites = append(cipherSuites, cipher.ID) + } + transport.TLSClientConfig = &tls.Config{ CipherSuites: cipherSuites, - InsecureSkipVerify: r.ignoreTLSErrors, - }, + InsecureSkipVerify: true, + } } if r.disableHTTP2 {