nginx: src/event/ngx_event_openssl.c comparison

comparison src/event/ngx_event_openssl.c @ 7900:509b663a789c

SSL: removed export ciphers support. Export ciphers are forbidden to negotiate in TLS 1.1 and later protocol modes. They are disabled since OpenSSL 1.0.2g by default unless explicitly configured with "enable-weak-ssl-ciphers", and completely removed in OpenSSL 1.1.0.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Tue, 10 Aug 2021 23:43:17 +0300
parents	1a03af395f44
children	dda421871bc2

comparison

equal deleted inserted replaced

-:1a03af395f44
+:509b663a789c
 if (prefer_server_ciphers) {
 SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 }
-#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
-/* a temporary 512-bit RSA key is required for export versions of MSIE */
-SSL_CTX_set_tmp_rsa_callback(ssl->ctx, ngx_ssl_rsa512_key_callback);
-#endif
 return NGX_OK;
 }
 ngx_int_t
 c->ssl->handshake_buffer_set = 1;
 }
 }
 }
 }
-#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
-RSA *
-ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
-int key_length)
-{
-static RSA  *key;
-if (key_length != 512) {
-return NULL;
-}
-#ifndef OPENSSL_NO_DEPRECATED
-if (key == NULL) {
-key = RSA_generate_key(512, RSA_F4, NULL, NULL);
-}
-#endif
-return key;
-}
-#endif
 ngx_array_t *
 ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file)
 {

Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.c @ 7900:509b663a789c