Mercurial > hg > nginx-quic
annotate docs/text/LICENSE @ 6554:1aa9650a8154
SSL: removed default DH parameters.
Using the same DH parameters on multiple servers is believed to be subject
to precomputation attacks, see http://weakdh.org/. Additionally, 1024 bits
are not enough in the modern world as well. Let users provide their own
DH parameters with the ssl_dhparam directive if they want to use EDH ciphers.
Note that SSL_CTX_set_dh_auto() as provided by OpenSSL 1.1.0 uses fixed
DH parameters from RFC 5114 and RFC 3526, and therefore subject to the same
precomputation attacks. We avoid using it as well.
This change also fixes compilation with OpenSSL 1.1.0-pre5 (aka Beta 2),
as OpenSSL developers changed their policy after releasing Beta 1 and
broke API once again by making the DH struct opaque (see ticket #860).
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 19 May 2016 14:46:32 +0300 |
| parents | 9d06921918af |
| children | 8c4d07ef08f5 |
| rev | line source |
|---|---|
| 450 | 1 /* |
| 6333 | 2 * Copyright (C) 2002-2016 Igor Sysoev |
| 3 * Copyright (C) 2011-2016 Nginx, Inc. | |
|
4753
808dee4f2b22
Synchronized the license text with the FreeBSD's bsd-style-copyright.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
4 * All rights reserved. |
| 450 | 5 * |
| 6 * Redistribution and use in source and binary forms, with or without | |
| 7 * modification, are permitted provided that the following conditions | |
| 8 * are met: | |
| 9 * 1. Redistributions of source code must retain the above copyright | |
| 10 * notice, this list of conditions and the following disclaimer. | |
| 11 * 2. Redistributions in binary form must reproduce the above copyright | |
| 12 * notice, this list of conditions and the following disclaimer in the | |
| 13 * documentation and/or other materials provided with the distribution. | |
| 14 * | |
|
4753
808dee4f2b22
Synchronized the license text with the FreeBSD's bsd-style-copyright.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
| 450 | 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
|
4753
808dee4f2b22
Synchronized the license text with the FreeBSD's bsd-style-copyright.
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
| 450 | 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
| 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
| 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
| 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
| 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
| 25 * SUCH DAMAGE. | |
| 26 */ |