From cb2474be6ee84a707a3f0d83ff1745beee364a7e Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs <sgrady@rocketsoftware.com>
Date: Wed, 14 Sep 2022 12:50:28 -0400
Subject: [PATCH 1/2] Update webapp.js

Signed-off-by: 1000TurquoisePogs <sgrady@rocketsoftware.com>
---
 lib/webapp.js | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/webapp.js b/lib/webapp.js
index a83b63f8..39128972 100644
--- a/lib/webapp.js
+++ b/lib/webapp.js
@@ -1517,12 +1517,16 @@ WebApp.prototype = {
   
   makeProxy(urlPrefix, noAuth, overrideOptions, host, port) {
     const r = express.Router();
+    let tlsOptions = Object.assign({}, this.options.tlsOptions);
+    delete tlsOptions.key;
+    delete tlsOptions.cert;
     let options = {
       urlPrefix,
       isHttps: false, 
       addProxyAuthorizations: (noAuth? null : this.auth.addProxyAuthorizations),
       processProxiedHeaders: (noAuth? null: this.auth.processProxiedHeaders),
-      allowInvalidTLSProxy: this.options.allowInvalidTLSProxy
+      allowInvalidTLSProxy: this.options.allowInvalidTLSProxy,
+      tlsOptions: tlsOptions
     };
     if (!(host && port)) {
       //destined for agent rather than 3rd party server
@@ -1546,13 +1550,17 @@ WebApp.prototype = {
   
   makeExternalProxy(host, port, urlPrefix, isHttps, noAuth, pluginID, serviceName) {
     const r = express.Router();
+    let tlsOptions = Object.assign({}, this.options.tlsOptions);
+    delete tlsOptions.key;
+    delete tlsOptions.cert;
     installLog.info(`ZWED0053I`, `${isHttps? 'HTTPS' : 'HTTP'}`, `${pluginID}:${serviceName}`, `${host}:${port}/${urlPrefix}`); //installLog.info(`Setting up ${isHttps? 'HTTPS' : 'HTTP'} proxy ` +`(${pluginID}:${serviceName}) to destination=${host}:${port}/${urlPrefix}`);
     let myProxy = proxy.makeSimpleProxy(host, port, {
       urlPrefix, 
       isHttps, 
       addProxyAuthorizations: (noAuth? null : this.auth.addProxyAuthorizations),
       processProxiedHeaders: (noAuth? null : this.auth.processProxiedHeaders),
-      allowInvalidTLSProxy: this.options.allowInvalidTLSProxy
+      allowInvalidTLSProxy: this.options.allowInvalidTLSProxy,
+      tlsOptions: tlsOptions
     }, pluginID, serviceName);
     proxyMap.set(pluginID + ":" + serviceName, myProxy);
     r.use(myProxy);

From 4f88f1a8cb87b92e00cba9dfd9dd1a33a806ef36 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs <sgrady@rocketsoftware.com>
Date: Wed, 14 Sep 2022 12:50:58 -0400
Subject: [PATCH 2/2] Update CHANGELOG.md

Signed-off-by: 1000TurquoisePogs <sgrady@rocketsoftware.com>
---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9aaed431..64a2374d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@
 All notable changes to the Zlux Server Framework package will be documented in this file.
 This repo is part of the app-server Zowe Component, and the change logs here may appear on Zowe.org in that section.
 
+## 2.3.0
+
+- Bugfix: Proxies (zss, external services, and those made by router services) now default to the same HTTPS/TLS settings as the app-esrver.
+
 ## 2.0.0
 
 - Breaking change: The list of properties sent back from the /server/environment has changed to reflect the different environment values present in Zowe v2