nginx: src/http/modules/ngx_http_ssl

comparison src/http/modules/ngx_http_ssl_module.c @ 6816:ea93c7d8752a

SSL: $ssl_ciphers (ticket #870). The variable contains list of ciphers as supported by the client. Known ciphers are listed by their names, unknown ones are shown in hex, e.g., ""AES128-SHA:AES256-SHA:0x00ff". The variable is fully supported only when using OpenSSL 1.0.2 and above. With older version there is an attempt to provide some information using SSL_get_shared_ciphers(). It only lists known ciphers though. Moreover, as OpenSSL uses session data for SSL_get_shared_ciphers(), and it doesn't store relevant data when serializing a session. As a result $ssl_ciphers is only available for new sessions (and not available for reused ones) when using OpenSSL older than 1.0.2.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Mon, 05 Dec 2016 22:23:23 +0300
parents	2d15fff64e3c
children	e75e854657ba

comparison

equal deleted inserted replaced

-:2d15fff64e3c
+:ea93c7d8752a
 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },
 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
+{ ngx_string("ssl_ciphers"), NULL, ngx_http_ssl_variable,
+(uintptr_t) ngx_ssl_get_ciphers, NGX_HTTP_VAR_CHANGEABLE, 0 },
 { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable,
 (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 },
 { ngx_string("ssl_session_reused"), NULL, ngx_http_ssl_variable,
 (uintptr_t) ngx_ssl_get_session_reused, NGX_HTTP_VAR_CHANGEABLE, 0 },

Mercurial > hg > nginx

comparison src/http/modules/ngx_http_ssl_module.c @ 6816:ea93c7d8752a