Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 6591:04d8d1f85649
SSL: ngx_ssl_ciphers() to set list of ciphers.
This patch moves various OpenSSL-specific function calls into the
OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more
crypto-library-agnostic.
| author | Tim Taubert <tim@timtaubert.de> |
|---|---|
| date | Wed, 15 Jun 2016 21:05:30 +0100 |
| parents | 2014ed60f17f |
| children | 56d6bfe6b609 |
comparison
equal
deleted
inserted
replaced
| 6590:d375f4210e41 | 6591:04d8d1f85649 |
|---|---|
| 687 != NGX_OK) | 687 != NGX_OK) |
| 688 { | 688 { |
| 689 return NGX_CONF_ERROR; | 689 return NGX_CONF_ERROR; |
| 690 } | 690 } |
| 691 | 691 |
| 692 if (SSL_CTX_set_cipher_list(conf->ssl.ctx, | 692 if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers, |
| 693 (const char *) conf->ciphers.data) | 693 conf->prefer_server_ciphers) |
| 694 == 0) | 694 != NGX_OK) |
| 695 { | 695 { |
| 696 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, | |
| 697 "SSL_CTX_set_cipher_list(\"%V\") failed", | |
| 698 &conf->ciphers); | |
| 699 return NGX_CONF_ERROR; | 696 return NGX_CONF_ERROR; |
| 700 } | 697 } |
| 701 | 698 |
| 702 conf->ssl.buffer_size = conf->buffer_size; | 699 conf->ssl.buffer_size = conf->buffer_size; |
| 703 | 700 |
| 728 | 725 |
| 729 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { | 726 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { |
| 730 return NGX_CONF_ERROR; | 727 return NGX_CONF_ERROR; |
| 731 } | 728 } |
| 732 | 729 |
| 733 if (conf->prefer_server_ciphers) { | |
| 734 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); | |
| 735 } | |
| 736 | |
| 737 #if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER) | |
| 738 /* a temporary 512-bit RSA key is required for export versions of MSIE */ | |
| 739 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback); | |
| 740 #endif | |
| 741 | |
| 742 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { | 730 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { |
| 743 return NGX_CONF_ERROR; | 731 return NGX_CONF_ERROR; |
| 744 } | 732 } |
| 745 | 733 |
| 746 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) { | 734 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) { |