Mercurial > hg > nginx
comparison src/mail/ngx_mail_ssl_module.c @ 3430:966f9cf9c7da stable-0.7
merge r3155, r3156, r3160, r969, r3191, r3197, r3358:
SSL fixes:
*) $ssl_session_id
*) allow "make clean" for OpenSSL, the bug was introduced in r2874
*) disable SSLv2 and use only strong ciphers by default
*) decrease SSL handshake error level to info
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Mon, 01 Feb 2010 14:39:16 +0000 |
parents | 08570d26c7c5 |
children |
comparison
equal
deleted
inserted
replaced
3429:9ecd253fcc90 | 3430:966f9cf9c7da |
---|---|
7 #include <ngx_config.h> | 7 #include <ngx_config.h> |
8 #include <ngx_core.h> | 8 #include <ngx_core.h> |
9 #include <ngx_mail.h> | 9 #include <ngx_mail.h> |
10 | 10 |
11 | 11 |
12 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" | 12 #define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5" |
13 | 13 |
14 | 14 |
15 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf); | 15 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf); |
16 static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); | 16 static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); |
17 | 17 |
196 | 196 |
197 ngx_conf_merge_value(conf->prefer_server_ciphers, | 197 ngx_conf_merge_value(conf->prefer_server_ciphers, |
198 prev->prefer_server_ciphers, 0); | 198 prev->prefer_server_ciphers, 0); |
199 | 199 |
200 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | 200 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, |
201 (NGX_CONF_BITMASK_SET | 201 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); |
202 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); | |
203 | 202 |
204 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); | 203 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |
205 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); | 204 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); |
206 | 205 |
207 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); | 206 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); |