Mercurial > hg > nginx-vendor-current
comparison src/event/ngx_event_openssl.c @ 658:5a4401b9551b NGINX_1_1_13
nginx 1.1.13
*) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the
"ssl_protocols" directive.
*) Bugfix: the "limit_req" directive parameters were not inherited
correctly; the bug had appeared in 1.1.12.
*) Bugfix: the "proxy_redirect" directive incorrectly processed
"Refresh" header if regular expression were used.
*) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter
did not return answer from cache if there were no live upstreams.
*) Bugfix: the "worker_cpu_affinity" directive might not work.
*) Bugfix: nginx could not be built on Solaris; the bug had appeared in
1.1.12.
*) Bugfix: in the ngx_http_mp4_module.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 16 Jan 2012 00:00:00 +0400 |
parents | 615b5ea36fc0 |
children | d0f7a625f27c |
comparison
equal
deleted
inserted
replaced
657:e1296af53cc0 | 658:5a4401b9551b |
---|---|
76 ngx_openssl_exit, /* exit master */ | 76 ngx_openssl_exit, /* exit master */ |
77 NGX_MODULE_V1_PADDING | 77 NGX_MODULE_V1_PADDING |
78 }; | 78 }; |
79 | 79 |
80 | 80 |
81 static long ngx_ssl_protocols[] = { | |
82 SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1, | |
83 SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1, | |
84 SSL_OP_NO_SSLv2|SSL_OP_NO_TLSv1, | |
85 SSL_OP_NO_TLSv1, | |
86 SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3, | |
87 SSL_OP_NO_SSLv3, | |
88 SSL_OP_NO_SSLv2, | |
89 0, | |
90 }; | |
91 | |
92 | |
93 int ngx_ssl_connection_index; | 81 int ngx_ssl_connection_index; |
94 int ngx_ssl_server_conf_index; | 82 int ngx_ssl_server_conf_index; |
95 int ngx_ssl_session_cache_index; | 83 int ngx_ssl_session_cache_index; |
96 | 84 |
97 | 85 |
169 | 157 |
170 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); | 158 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); |
171 | 159 |
172 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE); | 160 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE); |
173 | 161 |
174 if (ngx_ssl_protocols[protocols >> 1] != 0) { | 162 if (!(protocols & NGX_SSL_SSLv2)) { |
175 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); | 163 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2); |
176 } | 164 } |
165 if (!(protocols & NGX_SSL_SSLv3)) { | |
166 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3); | |
167 } | |
168 if (!(protocols & NGX_SSL_TLSv1)) { | |
169 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1); | |
170 } | |
171 #ifdef SSL_OP_NO_TLSv1_1 | |
172 if (!(protocols & NGX_SSL_TLSv1_1)) { | |
173 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_1); | |
174 } | |
175 #endif | |
176 #ifdef SSL_OP_NO_TLSv1_2 | |
177 if (!(protocols & NGX_SSL_TLSv1_2)) { | |
178 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2); | |
179 } | |
180 #endif | |
177 | 181 |
178 #ifdef SSL_OP_NO_COMPRESSION | 182 #ifdef SSL_OP_NO_COMPRESSION |
179 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION); | 183 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION); |
180 #endif | 184 #endif |
181 | 185 |