comparison src/event/ngx_event_openssl.c @ 658:5a4401b9551b NGINX_1_1_13

nginx 1.1.13 *) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the "ssl_protocols" directive. *) Bugfix: the "limit_req" directive parameters were not inherited correctly; the bug had appeared in 1.1.12. *) Bugfix: the "proxy_redirect" directive incorrectly processed the "Refresh" header if regular expressions were used. *) Bugfix: the "proxy_cache_use_stale" directive with the "error" parameter did not return an answer from the cache if there were no live upstreams. *) Bugfix: the "worker_cpu_affinity" directive might not work. *) Bugfix: nginx could not be built on Solaris; the bug had appeared in 1.1.12. *) Bugfix: in the ngx_http_mp4_module.
author Igor Sysoev <http://sysoev.ru>
date Mon, 16 Jan 2012 00:00:00 +0400
parents 615b5ea36fc0
children d0f7a625f27c
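--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -76,22 +76,10 @@
 ngx_openssl_exit, /* exit master */
 NGX_MODULE_V1_PADDING
 };
 
 
-static long ngx_ssl_protocols[] = {
-SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
-SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
-SSL_OP_NO_SSLv2|SSL_OP_NO_TLSv1,
-SSL_OP_NO_TLSv1,
-SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3,
-SSL_OP_NO_SSLv3,
-SSL_OP_NO_SSLv2,
-0,
-};
-
-
 int ngx_ssl_connection_index;
 int ngx_ssl_server_conf_index;
 int ngx_ssl_session_cache_index;
 
 
@@ -169,13 +157,29 @@
 
 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
 
 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
 
-if (ngx_ssl_protocols[protocols >> 1] != 0) {
-SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
+if (!(protocols & NGX_SSL_SSLv2)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
 }
+if (!(protocols & NGX_SSL_SSLv3)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
+}
+if (!(protocols & NGX_SSL_TLSv1)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
+}
+#ifdef SSL_OP_NO_TLSv1_1
+if (!(protocols & NGX_SSL_TLSv1_1)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
+}
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+if (!(protocols & NGX_SSL_TLSv1_2)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
+}
+#endif
 
 #ifdef SSL_OP_NO_COMPRESSION
 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
 #endif
 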
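Review bot: The `#ifdef SSL_OP_NO_TLSv1_1` and `#ifdef SSL_OP_NO_TLSv1_2` blocks in the second hunk compile to nothing against older OpenSSL headers, so a `protocols` mask that names only TLSv1.1 or TLSv1.2 still sets SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3 and SSL_OP_NO_TLSv1 and, as far as this hunk shows, leaves the context without any protocol the administrator asked for and without a diagnostic. Unless the directive parser (not visible here) already rejects those parameters on such builds, I would add an `#else` branch to each guard that warns, e.g. `if (protocols & NGX_SSL_TLSv1_1) { ngx_log_error(NGX_LOG_WARN, ssl->log, 0, "TLSv1.1 requested but not supported by this OpenSSL build"); }`. The mapping is also opt-out: any protocol version the linked library supports but this chain has no SSL_OP_NO_* test for stays enabled whatever `ssl_protocols` lists, which deserves a one-line comment above the chain so the next protocol addition is not missed. The enclosing function starts and ends outside the hunk.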