Mercurial > hg > nginx

comparison src/http/modules/ngx_http_ssl_module.c @ 3190:dd2ae3872634

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
disable SSLv2 and low ciphers by default
author Igor Sysoev <igor@sysoev.ru>
date Tue, 06 Oct 2009 14:24:53 +0000
parents 823f72db46c0
children b7e68ee09e0c
comparison
equal deleted inserted replaced
3189:dcb31433272e 3190:dd2ae3872634
11 11
12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, 12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
13 ngx_pool_t *pool, ngx_str_t *s); 13 ngx_pool_t *pool, ngx_str_t *s);
14 14
15 15
16 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" 16 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM"
17 17
18 18
19 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, 19 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
20 ngx_http_variable_value_t *v, uintptr_t data); 20 ngx_http_variable_value_t *v, uintptr_t data);
21 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, 21 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
345 345
346 ngx_conf_merge_value(conf->prefer_server_ciphers, 346 ngx_conf_merge_value(conf->prefer_server_ciphers,
347 prev->prefer_server_ciphers, 0); 347 prev->prefer_server_ciphers, 0);
348 348
349 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, 349 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
350 (NGX_CONF_BITMASK_SET 350 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
351 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
352 351
353 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); 352 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
354 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); 353 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
355 354
356 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); 355 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");