Mercurial > hg > nginx-quic

view auto/summary @ 6554:1aa9650a8154

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: removed default DH parameters. Using the same DH parameters on multiple servers is believed to be subject to precomputation attacks, see http://weakdh.org/. Additionally, 1024 bits are not enough in the modern world as well. Let users provide their own DH parameters with the ssl_dhparam directive if they want to use EDH ciphers. Note that SSL_CTX_set_dh_auto() as provided by OpenSSL 1.1.0 uses fixed DH parameters from RFC 5114 and RFC 3526, and therefore subject to the same precomputation attacks. We avoid using it as well. This change also fixes compilation with OpenSSL 1.1.0-pre5 (aka Beta 2), as OpenSSL developers changed their policy after releasing Beta 1 and broke API once again by making the DH struct opaque (see ticket #860).
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 19 May 2016 14:46:32 +0300
parents 85dea406e18f
children 9eefb38f0005
line wrap: on
line source


# Copyright (C) Igor Sysoev
# Copyright (C) Nginx, Inc.


echo
echo "Configuration summary"


if [ $USE_THREADS = YES ]; then
    echo "  + using threads"
fi

if [ $USE_PCRE = DISABLED ]; then
    echo "  + PCRE library is disabled"

else
    case $PCRE in
        YES)   echo "  + using system PCRE library" ;;
        NONE)  echo "  + PCRE library is not used" ;;
        *)     echo "  + using PCRE library: $PCRE" ;;
    esac
fi

case $OPENSSL in
    YES)   echo "  + using system OpenSSL library" ;;
    NONE)  echo "  + OpenSSL library is not used" ;;
    *)     echo "  + using OpenSSL library: $OPENSSL" ;;
esac

case $MD5 in
    YES)   echo "  + md5: using $MD5_LIB library" ;;
    NONE)  echo "  + md5 library is not used" ;;
    NO)    echo "  + using builtin md5 code" ;;
    *)     echo "  + using md5 library: $MD5" ;;
esac

case $SHA1 in
    YES)   echo "  + sha1: using $SHA1_LIB library" ;;
    NONE)  echo "  + sha1 library is not used" ;;
    NO)    echo "  + sha1 library is not found" ;;
    *)     echo "  + using sha1 library: $SHA1" ;;
esac

case $ZLIB in
    YES)   echo "  + using system zlib library" ;;
    NONE)  echo "  + zlib library is not used" ;;
    *)     echo "  + using zlib library: $ZLIB" ;;
esac

case $NGX_LIBATOMIC in
    YES)   echo "  + using system libatomic_ops library" ;;
    NO)    ;; # not used
    *)     echo "  + using libatomic_ops library: $NGX_LIBATOMIC" ;;
esac

echo


cat << END
  nginx path prefix: "$NGX_PREFIX"
  nginx binary file: "$NGX_SBIN_PATH"
  nginx modules path: "$NGX_MODULES_PATH"
  nginx configuration prefix: "$NGX_CONF_PREFIX"
  nginx configuration file: "$NGX_CONF_PATH"
  nginx pid file: "$NGX_PID_PATH"
END

if test -n "$NGX_ERROR_LOG_PATH"; then
    echo "  nginx error log file: \"$NGX_ERROR_LOG_PATH\""
else
    echo "  nginx logs errors to stderr"
fi

cat << END
  nginx http access log file: "$NGX_HTTP_LOG_PATH"
  nginx http client request body temporary files: "$NGX_HTTP_CLIENT_TEMP_PATH"
END

if [ $HTTP_PROXY = YES ]; then
    echo "  nginx http proxy temporary files: \"$NGX_HTTP_PROXY_TEMP_PATH\""
fi

if [ $HTTP_FASTCGI = YES ]; then
    echo "  nginx http fastcgi temporary files: \"$NGX_HTTP_FASTCGI_TEMP_PATH\""
fi

if [ $HTTP_UWSGI = YES ]; then
    echo "  nginx http uwsgi temporary files: \"$NGX_HTTP_UWSGI_TEMP_PATH\""
fi

if [ $HTTP_SCGI = YES ]; then
    echo "  nginx http scgi temporary files: \"$NGX_HTTP_SCGI_TEMP_PATH\""
fi

echo "$NGX_POST_CONF_MSG"