Mercurial > hg > nginx-quic
view src/mail/ngx_mail_imap_module.h @ 6553:2014ed60f17f
SSL: support for multiple curves (ticket #885).
OpenSSL 1.0.2+ allows configuring a curve list instead of a single curve
previously supported. This allows use of different curves depending on
what client supports (as available via the elliptic_curves extension),
and also allows use of different curves in an ECDHE key exchange and
in the ECDSA certificate.
The special value "auto" was introduced (now the default for ssl_ecdh_curve),
which means "use an internal list of curves as available in the OpenSSL
library used". For versions prior to OpenSSL 1.0.2 it maps to "prime256v1"
as previously used. The default in 1.0.2b+ prefers prime256v1 as well
(and X25519 in OpenSSL 1.1.0+).
As client vs. server preference of curves is controlled by the
same option as used for ciphers (SSL_OP_CIPHER_SERVER_PREFERENCE),
the ssl_prefer_server_ciphers directive now controls both.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 19 May 2016 14:46:32 +0300 |
parents | d620f497c50f |
children |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_MAIL_IMAP_MODULE_H_INCLUDED_ #define _NGX_MAIL_IMAP_MODULE_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_mail.h> typedef struct { size_t client_buffer_size; ngx_str_t capability; ngx_str_t starttls_capability; ngx_str_t starttls_only_capability; ngx_uint_t auth_methods; ngx_array_t capabilities; } ngx_mail_imap_srv_conf_t; void ngx_mail_imap_init_session(ngx_mail_session_t *s, ngx_connection_t *c); void ngx_mail_imap_init_protocol(ngx_event_t *rev); void ngx_mail_imap_auth_state(ngx_event_t *rev); ngx_int_t ngx_mail_imap_parse_command(ngx_mail_session_t *s); extern ngx_module_t ngx_mail_imap_module; #endif /* _NGX_MAIL_IMAP_MODULE_H_INCLUDED_ */