comparison src/event/ngx_event_openssl.c @ 4400:a0505851e70c
Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Support for TLSv1.1 and TLSv1.2 protocols was introduced in OpenSSL 1.0.1
(-beta1 was recently released). This change makes it possible to disable
these protocols and/or enable them without other protocols.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 11 Jan 2012 11:15:00 +0000 |
parents | 2ada2a26b24c |
children | d620f497c50f |
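--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -76,22 +76,10 @@
 ngx_openssl_exit, /* exit master */
 NGX_MODULE_V1_PADDING
 };
 
 
-static long ngx_ssl_protocols[] = {
-SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
-SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
-SSL_OP_NO_SSLv2|SSL_OP_NO_TLSv1,
-SSL_OP_NO_TLSv1,
-SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3,
-SSL_OP_NO_SSLv3,
-SSL_OP_NO_SSLv2,
-0,
-};
-
-
 int ngx_ssl_connection_index;
 int ngx_ssl_server_conf_index;
 int ngx_ssl_session_cache_index;
 
 
@@ -169,13 +157,29 @@
 
 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
 
 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
 
-if (ngx_ssl_protocols[protocols >> 1] != 0) {
-SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
-}
+if (!(protocols & NGX_SSL_SSLv2)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
+}
+if (!(protocols & NGX_SSL_SSLv3)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
+}
+if (!(protocols & NGX_SSL_TLSv1)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
+}
+#ifdef SSL_OP_NO_TLSv1_1
+if (!(protocols & NGX_SSL_TLSv1_1)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
+}
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+if (!(protocols & NGX_SSL_TLSv1_2)) {
+SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
+}
+#endif
 
 #ifdef SSL_OP_NO_COMPRESSION
 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
 #endif
 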
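Review bot: The `#ifdef SSL_OP_NO_TLSv1_1` and `#ifdef SSL_OP_NO_TLSv1_2` blocks compile to nothing against OpenSSL headers older than 1.0.1, so a request for `NGX_SSL_TLSv1_1` or `NGX_SSL_TLSv1_2` is dropped without any diagnostic. If the directive lists only those protocols, the three preceding checks disable SSLv2, SSLv3 and TLSv1, which presumably leaves the context with no usable protocol and makes every handshake fail, with nothing at configuration time to explain why. Each guard could carry an `#else` branch that warns when the bit is set, e.g. `if (protocols & NGX_SSL_TLSv1_1) { ngx_log_error(NGX_LOG_WARN, ssl->log, 0, "TLSv1.1 is not supported by the OpenSSL library, ignored"); }`, and the same for TLSv1.2. A short comment above the checks would also help, noting that each `SSL_OP_NO_*` bit is set only when the protocol is absent from the mask, so any protocol version the library gains later stays enabled until a matching check is added here. The enclosing function starts and ends outside the hunk, so whether the caller already validates the mask is not visible.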