Mercurial > hg > nginx-quic
annotate auto/module @ 6554:1aa9650a8154
SSL: removed default DH parameters.
Using the same DH parameters on multiple servers is believed to be subject
to precomputation attacks, see http://weakdh.org/. Additionally, 1024 bits
are not enough in the modern world as well. Let users provide their own
DH parameters with the ssl_dhparam directive if they want to use EDH ciphers.
Note that SSL_CTX_set_dh_auto() as provided by OpenSSL 1.1.0 uses fixed
DH parameters from RFC 5114 and RFC 3526, and therefore subject to the same
precomputation attacks. We avoid using it as well.
This change also fixes compilation with OpenSSL 1.1.0-pre5 (aka Beta 2),
as OpenSSL developers changed their policy after releasing Beta 1 and
broke API once again by making the DH struct opaque (see ticket #860).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 19 May 2016 14:46:32 +0300 |
parents | 39a806ccf21e |
children | 9eefb38f0005 |
rev | line source |
---|---|
6382
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
1 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
2 # Copyright (C) Ruslan Ermilov |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
3 # Copyright (C) Nginx, Inc. |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
4 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
5 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
6 case $ngx_module_type in |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
7 HTTP_*) ngx_var=HTTP ;; |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
8 *) ngx_var=$ngx_module_type ;; |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
9 esac |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
10 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
11 |
6383 | 12 if [ "$ngx_module_link" = DYNAMIC ]; then |
13 | |
14 for ngx_module in $ngx_module_name; do | |
15 # extract the first name | |
16 break | |
17 done | |
18 | |
19 DYNAMIC_MODULES="$DYNAMIC_MODULES $ngx_module" | |
20 eval ${ngx_module}_SRCS=\"$ngx_module_srcs\" | |
21 | |
22 eval ${ngx_module}_MODULES=\"$ngx_module_name\" | |
23 | |
24 if [ -z "$ngx_module_order" -a \ | |
25 \( "$ngx_module_type" = "HTTP_FILTER" \ | |
26 -o "$ngx_module_type" = "HTTP_AUX_FILTER" \) ] | |
27 then | |
28 eval ${ngx_module}_ORDER=\"$ngx_module_name \ | |
29 ngx_http_copy_filter_module\" | |
30 else | |
31 eval ${ngx_module}_ORDER=\"$ngx_module_order\" | |
32 fi | |
33 | |
34 if test -n "$ngx_module_incs"; then | |
35 CORE_INCS="$CORE_INCS $ngx_module_incs" | |
36 fi | |
37 | |
38 libs= | |
39 for lib in $ngx_module_libs | |
40 do | |
41 case $lib in | |
42 | |
6419 | 43 LIBXSLT | LIBGD | GEOIP | PERL) |
6383 | 44 libs="$libs \$NGX_LIB_$lib" |
45 | |
46 if eval [ "\$USE_${lib}" = NO ] ; then | |
47 eval USE_${lib}=DYNAMIC | |
48 fi | |
49 ;; | |
50 | |
6419 | 51 PCRE | OPENSSL | MD5 | SHA1 | ZLIB) |
6383 | 52 eval USE_${lib}=YES |
53 ;; | |
54 | |
55 *) | |
56 libs="$libs $lib" | |
57 ;; | |
58 | |
59 esac | |
60 done | |
61 eval ${ngx_module}_LIBS=\'$libs\' | |
62 | |
63 elif [ "$ngx_module_link" = YES ]; then | |
6382
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
64 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
65 eval ${ngx_module_type}_MODULES=\"\$${ngx_module_type}_MODULES \ |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
66 $ngx_module_name\" |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
67 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
68 eval ${ngx_var}_SRCS=\"\$${ngx_var}_SRCS $ngx_module_srcs\" |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
69 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
70 if test -n "$ngx_module_incs"; then |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
71 eval ${ngx_var}_INCS=\"\$${ngx_var}_INCS $ngx_module_incs\" |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
72 fi |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
73 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
74 if test -n "$ngx_module_deps"; then |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
75 eval ${ngx_var}_DEPS=\"\$${ngx_var}_DEPS $ngx_module_deps\" |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
76 fi |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
77 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
78 for lib in $ngx_module_libs |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
79 do |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
80 case $lib in |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
81 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
82 PCRE | OPENSSL | MD5 | SHA1 | ZLIB | LIBXSLT | LIBGD | PERL | GEOIP) |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
83 eval USE_${lib}=YES |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
84 ;; |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
85 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
86 *) |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
87 CORE_LIBS="$CORE_LIBS $lib" |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
88 ;; |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
89 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
90 esac |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
91 done |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
92 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
93 elif [ "$ngx_module_link" = ADDON ]; then |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
94 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
95 eval ${ngx_module_type}_MODULES=\"\$${ngx_module_type}_MODULES \ |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
96 $ngx_module_name\" |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
97 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
98 NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_module_srcs" |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
99 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
100 if test -n "$ngx_module_incs"; then |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
101 eval ${ngx_var}_INCS=\"\$${ngx_var}_INCS $ngx_module_incs\" |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
102 fi |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
103 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
104 if test -n "$ngx_module_deps"; then |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
105 NGX_ADDON_DEPS="$NGX_ADDON_DEPS $ngx_module_deps" |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
106 fi |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
107 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
108 for lib in $ngx_module_libs |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
109 do |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
110 case $lib in |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
111 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
112 PCRE | OPENSSL | MD5 | SHA1 | ZLIB | LIBXSLT | LIBGD | PERL | GEOIP) |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
113 eval USE_${lib}=YES |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
114 ;; |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
115 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
116 *) |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
117 CORE_LIBS="$CORE_LIBS $lib" |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
118 ;; |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
119 |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
120 esac |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
121 done |
392959224560
Dynamic modules: auto/module script.
Maxim Dounin <mdounin@mdounin.ru>
parents:
diff
changeset
|
122 fi |