changeset 534:a52c99698e7f NGINX_0_8_19

nginx 0.8.19 *) Change: now SSLv2 protocol is disabled by default. *) Change: now default SSL ciphers are "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM". *) Bugfix: a "limit_req" directive did not work; the bug had appeared in 0.8.18.
author Igor Sysoev <http://sysoev.ru>
date Tue, 06 Oct 2009 00:00:00 +0400
parents 4a44adbff19a
children 4584144e5de2
files CHANGES CHANGES.ru src/core/nginx.h src/http/modules/ngx_http_limit_req_module.c src/http/modules/ngx_http_ssl_module.c src/http/modules/perl/nginx.pm src/mail/ngx_mail_ssl_module.c
diffstat 7 files changed, 33 insertions(+), 14 deletions(-) [+]
line wrap: on
line diff
--- a/CHANGES
+++ b/CHANGES
@@ -1,9 +1,19 @@
 
+Changes with nginx 0.8.19                                        06 Oct 2009
+
+    *) Change: now SSLv2 protocol is disabled by default.
+
+    *) Change: now default SSL ciphers are "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM".
+
+    *) Bugfix: a "limit_req" directive did not work; the bug had appeared 
+       in 0.8.18.
+
+
 Changes with nginx 0.8.18                                        06 Oct 2009
 
     *) Feature: the "read_ahead" directive.
 
-    *) Feature: now several "perl_modules" directive may be used.
+    *) Feature: now several "perl_modules" directives may be used.
 
     *) Feature: the "limit_req_log_level" and "limit_conn_log_level" 
        directives.
--- a/CHANGES.ru
+++ b/CHANGES.ru
@@ -1,4 +1,15 @@
 
+Изменения в nginx 0.8.19                                          06.10.2009
+
+    *) Изменение: теперь протокол SSLv2 по умолчанию запрещён.
+
+    *) Изменение: теперь по умолчанию используются следующие шифры SSL: 
+       "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM".
+
+    *) Исправление: директива limit_req не работала; ошибка появилась в 
+       0.8.18.
+
+
 Изменения в nginx 0.8.18                                          06.10.2009
 
     *) Добавление: директива read_ahead.
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -8,8 +8,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version         8018
-#define NGINX_VERSION      "0.8.18"
+#define nginx_version         8019
+#define NGINX_VERSION      "0.8.19"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #define NGINX_VAR          "NGINX"
--- a/src/http/modules/ngx_http_limit_req_module.c
+++ b/src/http/modules/ngx_http_limit_req_module.c
@@ -398,15 +398,15 @@ ngx_http_limit_req_lookup(ngx_http_limit
 
                 excess = lr->excess - ctx->rate * ngx_abs(ms) / 1000 + 1000;
 
+                if (excess < 0) {
+                    excess = 0;
+                }
+
                 if ((ngx_uint_t) excess > lrcf->burst) {
                     *lrp = lr;
                     return NGX_BUSY;
                 }
 
-                if (excess < 0) {
-                    excess = 0;
-                }
-
                 lr->excess = excess;
                 lr->last = now;
 
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -13,7 +13,7 @@ typedef ngx_int_t (*ngx_ssl_variable_han
     ngx_pool_t *pool, ngx_str_t *s);
 
 
-#define NGX_DEFAULT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+#define NGX_DEFAULT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM"
 
 
 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
@@ -347,8 +347,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
                          prev->prefer_server_ciphers, 0);
 
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
-                         (NGX_CONF_BITMASK_SET
-                          |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
+                         (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
 
     ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
     ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
--- a/src/http/modules/perl/nginx.pm
+++ b/src/http/modules/perl/nginx.pm
@@ -47,7 +47,7 @@ our @EXPORT = qw(
     HTTP_INSUFFICIENT_STORAGE
 );
 
-our $VERSION = '0.8.18';
+our $VERSION = '0.8.19';
 
 require XSLoader;
 XSLoader::load('nginx', $VERSION);
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -9,7 +9,7 @@
 #include <ngx_mail.h>
 
 
-#define NGX_DEFAULT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+#define NGX_DEFAULT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM"
 
 
 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
@@ -198,8 +198,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, 
                          prev->prefer_server_ciphers, 0);
 
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
-                         (NGX_CONF_BITMASK_SET
-                          |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
+                         (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
 
     ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
     ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");