comparison src/http/modules/ngx_http_ssl_module.c @ 6591:04d8d1f85649
SSL: ngx_ssl_ciphers() to set list of ciphers.
This patch moves various OpenSSL-specific function calls into the
OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more
crypto-library-agnostic.
author | Tim Taubert <tim@timtaubert.de> |
---|---|
date | Wed, 15 Jun 2016 21:05:30 +0100 |
parents | 2014ed60f17f |
children | 56d6bfe6b609 |
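--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -687,17 +687,14 @@
 != NGX_OK)
 {
 return NGX_CONF_ERROR;
 }
 
-if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
-(const char *) conf->ciphers.data)
-== 0)
+if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
+conf->prefer_server_ciphers)
+!= NGX_OK)
 {
-ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
-"SSL_CTX_set_cipher_list(\"%V\") failed",
-&conf->ciphers);
 return NGX_CONF_ERROR;
 }
 
 conf->ssl.buffer_size = conf->buffer_size;
 
@@ -728,19 +725,10 @@
 
 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 
-if (conf->prefer_server_ciphers) {
-SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
-}
-
-#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
-/* a temporary 512-bit RSA key is required for export versions of MSIE */
-SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
-#endif
-
 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 
 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {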
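Review bot: The failure branch at new lines 692-697 no longer logs anything itself, so the emerg-level message that named the rejected cipher string (`"SSL_CTX_set_cipher_list(\"%V\") failed"`) now depends entirely on ngx_ssl_ciphers(), whose body is not in this file section; confirm it still reports the offending `ssl_ciphers` value, otherwise a bad cipher list aborts configuration without a diagnostic. The removed `SSL_OP_CIPHER_SERVER_PREFERENCE` and `SSL_CTX_set_tmp_rsa_callback` calls are likewise only accounted for by the commit description, so check that the `OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER` guard moved together with the 512-bit RSA callback. It is also worth checking that the callback is not newly installed on contexts that never set it before, if ngx_ssl_ciphers() has other callers. If the helper does take over both, a one-line comment above the call such as `/* ngx_ssl_ciphers() also applies ssl_prefer_server_ciphers and the legacy temporary RSA callback */` would keep that visible here. The enclosing function starts and ends outside the lines shown.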