comparison src/stream/ngx_stream_ssl_module.c @ 6591:04d8d1f85649
SSL: ngx_ssl_ciphers() to set list of ciphers.
This patch moves various OpenSSL-specific function calls into the
OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more
crypto-library-agnostic.
author | Tim Taubert <tim@timtaubert.de> |
---|---|
date | Wed, 15 Jun 2016 21:05:30 +0100 |
parents | 2014ed60f17f |
children | 2f41d383c9c7 |
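--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -264,27 +264,16 @@
 != NGX_OK)
 {
 return NGX_CONF_ERROR;
 }
 
-if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
-(const char *) conf->ciphers.data)
-== 0)
-{
-ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
-"SSL_CTX_set_cipher_list(\"%V\") failed",
-&conf->ciphers);
-return NGX_CONF_ERROR;
-}
-
-if (conf->prefer_server_ciphers) {
-SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
-}
-
-#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
-SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
-#endif
+if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
+conf->prefer_server_ciphers)
+!= NGX_OK)
+{
+return NGX_CONF_ERROR;
+}
 
 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 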
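Review bot: The `ngx_ssl_ciphers()` call at new lines 269-274 now stands in for three effects that were explicit here before (the cipher list, `SSL_OP_CIPHER_SERVER_PREFERENCE`, and the `SSL_CTX_set_tmp_rsa_callback()` registration on OpenSSL older than 1.1.0), and nothing at the call site says so. A short comment such as `/* sets cipher list and server preference; on old OpenSSL also installs the tmp RSA callback; logs on failure */` would keep that visible, assuming the helper does take over all three as the commit description suggests; its body is not in this file section. The emerg log that named the rejected cipher string is also gone from this file, so it is worth confirming the helper still logs `&conf->ciphers` before returning an error, otherwise a bad cipher string aborts configuration with no hint. The enclosing function starts and ends outside the section.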