nginx: src/mail/ngx_mail_ssl_module.c comparison

comparison src/mail/ngx_mail_ssl_module.c @ 3430:966f9cf9c7da stable-0.7

merge r3155, r3156, r3160, r969, r3191, r3197, r3358: SSL fixes: *) $ssl_session_id *) allow "make clean" for OpenSSL, the bug was introduced in r2874 *) disable SSLv2 and use only strong ciphers by default *) decrease SSL handshake error level to info

author	Igor Sysoev <igor@sysoev.ru>
date	Mon, 01 Feb 2010 14:39:16 +0000
parents	08570d26c7c5
children

comparison

equal deleted inserted replaced

-:9ecd253fcc90
+:966f9cf9c7da
 #include <ngx_config.h>
 #include <ngx_core.h>
 #include <ngx_mail.h>
-#define NGX_DEFAULT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+#define NGX_DEFAULT_CIPHERS  "HIGH:!ADH:!MD5"
 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
 static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);
 ngx_conf_merge_value(conf->prefer_server_ciphers,
 prev->prefer_server_ciphers, 0);
 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
-(NGX_CONF_BITMASK_SET
+(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
-|NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");

Mercurial > hg > nginx

comparison src/mail/ngx_mail_ssl_module.c @ 3430:966f9cf9c7da stable-0.7