Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.h @ 7900:509b663a789c
SSL: removed export ciphers support.
Export ciphers are forbidden to negotiate in TLS 1.1 and later protocol modes.
They are disabled since OpenSSL 1.0.2g by default unless explicitly configured
with "enable-weak-ssl-ciphers", and completely removed in OpenSSL 1.1.0.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 10 Aug 2021 23:43:17 +0300 |
parents | 8f7107617550 |
children | eb6c77e6d55d fac88e160653 |
comparison
equal
deleted
inserted
replaced
7899:1a03af395f44 | 7900:509b663a789c |
---|---|
27 #include <openssl/hmac.h> | 27 #include <openssl/hmac.h> |
28 #ifndef OPENSSL_NO_OCSP | 28 #ifndef OPENSSL_NO_OCSP |
29 #include <openssl/ocsp.h> | 29 #include <openssl/ocsp.h> |
30 #endif | 30 #endif |
31 #include <openssl/rand.h> | 31 #include <openssl/rand.h> |
32 #include <openssl/rsa.h> | |
33 #include <openssl/x509.h> | 32 #include <openssl/x509.h> |
34 #include <openssl/x509v3.h> | 33 #include <openssl/x509v3.h> |
35 | 34 |
36 #define NGX_SSL_NAME "OpenSSL" | 35 #define NGX_SSL_NAME "OpenSSL" |
37 | 36 |
206 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout); | 205 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout); |
207 ngx_int_t ngx_ssl_ocsp_validate(ngx_connection_t *c); | 206 ngx_int_t ngx_ssl_ocsp_validate(ngx_connection_t *c); |
208 ngx_int_t ngx_ssl_ocsp_get_status(ngx_connection_t *c, const char **s); | 207 ngx_int_t ngx_ssl_ocsp_get_status(ngx_connection_t *c, const char **s); |
209 void ngx_ssl_ocsp_cleanup(ngx_connection_t *c); | 208 void ngx_ssl_ocsp_cleanup(ngx_connection_t *c); |
210 ngx_int_t ngx_ssl_ocsp_cache_init(ngx_shm_zone_t *shm_zone, void *data); | 209 ngx_int_t ngx_ssl_ocsp_cache_init(ngx_shm_zone_t *shm_zone, void *data); |
211 #if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER) | |
212 RSA *ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export, | |
213 int key_length); | |
214 #endif | |
215 ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file); | 210 ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file); |
216 ngx_array_t *ngx_ssl_preserve_passwords(ngx_conf_t *cf, | 211 ngx_array_t *ngx_ssl_preserve_passwords(ngx_conf_t *cf, |
217 ngx_array_t *passwords); | 212 ngx_array_t *passwords); |
218 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); | 213 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); |
219 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); | 214 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); |