Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 4400:a0505851e70c
Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Support for TLSv1.1 and TLSv1.2 protocols was introduced in OpenSSL 1.0.1
(-beta1 was recently released). This change makes it possible to disable
these protocols and/or enable them without other protocols.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 11 Jan 2012 11:15:00 +0000 |
parents | e444e8f6538b |
children | d620f497c50f |
comparison
equal
deleted
inserted
replaced
4399:d2b3130fd8d9 | 4400:a0505851e70c |
---|---|
35 | 35 |
36 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = { | 36 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = { |
37 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, | 37 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, |
38 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, | 38 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, |
39 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, | 39 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, |
40 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, | |
41 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, | |
40 { ngx_null_string, 0 } | 42 { ngx_null_string, 0 } |
41 }; | 43 }; |
42 | 44 |
43 | 45 |
44 static ngx_conf_enum_t ngx_http_ssl_verify[] = { | 46 static ngx_conf_enum_t ngx_http_ssl_verify[] = { |
362 | 364 |
363 ngx_conf_merge_value(conf->prefer_server_ciphers, | 365 ngx_conf_merge_value(conf->prefer_server_ciphers, |
364 prev->prefer_server_ciphers, 0); | 366 prev->prefer_server_ciphers, 0); |
365 | 367 |
366 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | 368 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, |
367 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); | 369 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1 |
370 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); | |
368 | 371 |
369 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); | 372 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); |
370 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); | 373 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); |
371 | 374 |
372 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); | 375 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |