Mercurial > hg > nginx-quic

comparison src/event/ngx_event_openssl.c @ 7413:7c00d8dbdb3a stable-1.14

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: logging levels of "unsupported protocol", "version too low". Starting with OpenSSL 1.1.0, SSL_R_UNSUPPORTED_PROTOCOL instead of SSL_R_UNKNOWN_PROTOCOL is reported when a protocol is disabled via an SSL_OP_NO_* option. Additionally, SSL_R_VERSION_TOO_LOW is reported when using MinProtocol or when seclevel checks (as set by @SECLEVEL=n in the cipher string) rejects a protocol, and this is what happens with SSLv3 and @SECLEVEL=1, which is the default. There is also the SSL_R_VERSION_TOO_HIGH error code, but it looks like it is not possible to trigger it.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 16 Jul 2018 17:47:18 +0300
parents 6c52c99c475e
children ea3f1f9af72c
comparison
equal deleted inserted replaced
7412:6c52c99c475e 7413:7c00d8dbdb3a
2078 #endif 2078 #endif
2079 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */ 2079 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */
2080 || n == SSL_R_UNEXPECTED_RECORD /* 245 */ 2080 || n == SSL_R_UNEXPECTED_RECORD /* 245 */
2081 || n == SSL_R_UNKNOWN_ALERT_TYPE /* 246 */ 2081 || n == SSL_R_UNKNOWN_ALERT_TYPE /* 246 */
2082 || n == SSL_R_UNKNOWN_PROTOCOL /* 252 */ 2082 || n == SSL_R_UNKNOWN_PROTOCOL /* 252 */
2083 || n == SSL_R_UNSUPPORTED_PROTOCOL /* 258 */
2083 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ 2084 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */
2084 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ 2085 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */
2085 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG 2086 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
2086 || n == SSL_R_RENEGOTIATE_EXT_TOO_LONG /* 335 */ 2087 || n == SSL_R_RENEGOTIATE_EXT_TOO_LONG /* 335 */
2087 || n == SSL_R_RENEGOTIATION_ENCODING_ERR /* 336 */ 2088 || n == SSL_R_RENEGOTIATION_ENCODING_ERR /* 336 */
2093 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 2094 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
2094 || n == SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING /* 345 */ 2095 || n == SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING /* 345 */
2095 #endif 2096 #endif
2096 #ifdef SSL_R_INAPPROPRIATE_FALLBACK 2097 #ifdef SSL_R_INAPPROPRIATE_FALLBACK
2097 || n == SSL_R_INAPPROPRIATE_FALLBACK /* 373 */ 2098 || n == SSL_R_INAPPROPRIATE_FALLBACK /* 373 */
2099 #endif
2100 #ifdef SSL_R_VERSION_TOO_LOW
2101 || n == SSL_R_VERSION_TOO_LOW /* 396 */
2098 #endif 2102 #endif
2099 || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ 2103 || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
2100 #ifdef SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 2104 #ifdef SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE
2101 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */ 2105 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */
2102 || n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC /* 1020 */ 2106 || n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC /* 1020 */