Mercurial > hg > nginx-mail
diff src/http/modules/ngx_http_ssl_module.c @ 665:0b460e61bdcd default tip
Merge with nginx 1.0.0.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 25 Apr 2011 04:22:17 +0400 |
parents | 8246d8a2c2be |
children |
line wrap: on
line diff
--- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -13,7 +13,7 @@ typedef ngx_int_t (*ngx_ssl_variable_han ngx_pool_t *pool, ngx_str_t *s); -#define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" +#define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5" static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, @@ -184,6 +184,9 @@ static ngx_http_variable_t ngx_http_ssl { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, + { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable, + (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 }, + { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable, (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 }, @@ -311,8 +314,7 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t * sscf->dhparam = { 0, NULL }; * sscf->client_certificate = { 0, NULL }; * sscf->crl = { 0, NULL }; - * sscf->ciphers.len = 0; - * sscf->ciphers.data = NULL; + * sscf->ciphers = { 0, NULL }; * sscf->shm_zone = NULL; */ @@ -344,8 +346,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t * prev->prefer_server_ciphers, 0); ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, - (NGX_CONF_BITMASK_SET - |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); + (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); @@ -407,7 +408,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t * == 0) { ngx_log_error(NGX_LOG_WARN, cf->log, 0, - "nginx was build with SNI support, however, now it is linked " + "nginx was built with SNI support, however, now it is linked " "dynamically to an OpenSSL library which has no tlsext support, " "therefore SNI is not available"); }