Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.h @ 7900:509b663a789c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: removed export ciphers support. Export ciphers are forbidden to negotiate in TLS 1.1 and later protocol modes. They are disabled since OpenSSL 1.0.2g by default unless explicitly configured with "enable-weak-ssl-ciphers", and completely removed in OpenSSL 1.1.0.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 10 Aug 2021 23:43:17 +0300
parents 8f7107617550
children eb6c77e6d55d fac88e160653
comparison
equal deleted inserted replaced
7899:1a03af395f44 7900:509b663a789c
27 #include <openssl/hmac.h> 27 #include <openssl/hmac.h>
28 #ifndef OPENSSL_NO_OCSP 28 #ifndef OPENSSL_NO_OCSP
29 #include <openssl/ocsp.h> 29 #include <openssl/ocsp.h>
30 #endif 30 #endif
31 #include <openssl/rand.h> 31 #include <openssl/rand.h>
32 #include <openssl/rsa.h>
33 #include <openssl/x509.h> 32 #include <openssl/x509.h>
34 #include <openssl/x509v3.h> 33 #include <openssl/x509v3.h>
35 34
36 #define NGX_SSL_NAME "OpenSSL" 35 #define NGX_SSL_NAME "OpenSSL"
37 36
206 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout); 205 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
207 ngx_int_t ngx_ssl_ocsp_validate(ngx_connection_t *c); 206 ngx_int_t ngx_ssl_ocsp_validate(ngx_connection_t *c);
208 ngx_int_t ngx_ssl_ocsp_get_status(ngx_connection_t *c, const char **s); 207 ngx_int_t ngx_ssl_ocsp_get_status(ngx_connection_t *c, const char **s);
209 void ngx_ssl_ocsp_cleanup(ngx_connection_t *c); 208 void ngx_ssl_ocsp_cleanup(ngx_connection_t *c);
210 ngx_int_t ngx_ssl_ocsp_cache_init(ngx_shm_zone_t *shm_zone, void *data); 209 ngx_int_t ngx_ssl_ocsp_cache_init(ngx_shm_zone_t *shm_zone, void *data);
211 #if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
212 RSA *ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
213 int key_length);
214 #endif
215 ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file); 210 ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file);
216 ngx_array_t *ngx_ssl_preserve_passwords(ngx_conf_t *cf, 211 ngx_array_t *ngx_ssl_preserve_passwords(ngx_conf_t *cf,
217 ngx_array_t *passwords); 212 ngx_array_t *passwords);
218 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); 213 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
219 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); 214 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);