Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.h @ 5425:1356a3b96924
SSL: added ability to set keys used for Session Tickets (RFC5077).
In order to support key rollover, ssl_session_ticket_key can be defined
multiple times. The first key will be used to issue and resume Session
Tickets, while the rest will be used only to resume them.
ssl_session_ticket_key session_tickets/current.key;
ssl_session_ticket_key session_tickets/prev-1h.key;
ssl_session_ticket_key session_tickets/prev-2h.key;
Please note that nginx supports Session Tickets even without explicit
configuration of the keys and this feature should be only used in setups
where SSL traffic is distributed across multiple nginx servers.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
| author | Piotr Sikora <piotr@cloudflare.com> |
|---|---|
| date | Fri, 11 Oct 2013 16:05:24 -0700 |
| parents | a720f0b0e083 |
| children | a297b7ad6f94 |
comparison
equal
deleted
inserted
replaced
| 5424:767aa37f12de | 5425:1356a3b96924 |
|---|---|
| 81 ngx_rbtree_node_t sentinel; | 81 ngx_rbtree_node_t sentinel; |
| 82 ngx_queue_t expire_queue; | 82 ngx_queue_t expire_queue; |
| 83 } ngx_ssl_session_cache_t; | 83 } ngx_ssl_session_cache_t; |
| 84 | 84 |
| 85 | 85 |
| 86 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB | |
| 87 | |
| 88 typedef struct { | |
| 89 u_char name[16]; | |
| 90 u_char aes_key[16]; | |
| 91 u_char hmac_key[16]; | |
| 92 } ngx_ssl_session_ticket_key_t; | |
| 93 | |
| 94 #endif | |
| 95 | |
| 86 | 96 |
| 87 #define NGX_SSL_SSLv2 0x0002 | 97 #define NGX_SSL_SSLv2 0x0002 |
| 88 #define NGX_SSL_SSLv3 0x0004 | 98 #define NGX_SSL_SSLv3 0x0004 |
| 89 #define NGX_SSL_TLSv1 0x0008 | 99 #define NGX_SSL_TLSv1 0x0008 |
| 90 #define NGX_SSL_TLSv1_1 0x0010 | 100 #define NGX_SSL_TLSv1_1 0x0010 |
| 114 int key_length); | 124 int key_length); |
| 115 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); | 125 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); |
| 116 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); | 126 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); |
| 117 ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, | 127 ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, |
| 118 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout); | 128 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout); |
| 129 ngx_int_t ngx_ssl_session_ticket_keys(ngx_conf_t *cf, ngx_ssl_t *ssl, | |
| 130 ngx_array_t *paths); | |
| 119 ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data); | 131 ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data); |
| 120 ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, | 132 ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, |
| 121 ngx_uint_t flags); | 133 ngx_uint_t flags); |
| 122 | 134 |
| 123 void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess); | 135 void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess); |
| 171 | 183 |
| 172 | 184 |
| 173 extern int ngx_ssl_connection_index; | 185 extern int ngx_ssl_connection_index; |
| 174 extern int ngx_ssl_server_conf_index; | 186 extern int ngx_ssl_server_conf_index; |
| 175 extern int ngx_ssl_session_cache_index; | 187 extern int ngx_ssl_session_cache_index; |
| 188 extern int ngx_ssl_session_ticket_keys_index; | |
| 176 extern int ngx_ssl_certificate_index; | 189 extern int ngx_ssl_certificate_index; |
| 177 extern int ngx_ssl_stapling_index; | 190 extern int ngx_ssl_stapling_index; |
| 178 | 191 |
| 179 | 192 |
| 180 #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */ | 193 #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */ |