nginx: src/http/modules/ngx_http_ssl

comparison src/http/modules/ngx_http_ssl_module.c @ 4400:a0505851e70c

Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Support for TLSv1.1 and TLSv1.2 protocols was introduced in OpenSSL 1.0.1 (-beta1 was recently released). This change makes it possible to disable these protocols and/or enable them without other protocols.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Wed, 11 Jan 2012 11:15:00 +0000
parents	e444e8f6538b
children	d620f497c50f

comparison

equal deleted inserted replaced

-:d2b3130fd8d9
+:a0505851e70c
 static ngx_conf_bitmask_t  ngx_http_ssl_protocols[] = {
 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
+{ ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
+{ ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
 { ngx_null_string, 0 }
 };
 static ngx_conf_enum_t  ngx_http_ssl_verify[] = {
 ngx_conf_merge_value(conf->prefer_server_ciphers,
 prev->prefer_server_ciphers, 0);
 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
-(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
+(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
+|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");

Mercurial > hg > nginx

comparison src/http/modules/ngx_http_ssl_module.c @ 4400:a0505851e70c