Mercurial > hg > nginx
comparison src/mail/ngx_mail_ssl_module.c @ 4446:fd40c9ef750d stable-1.0
Merge of r4401, r4415:
SSL changes:
*) Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Support for TLSv1.1 and TLSv1.2 protocols was introduced in
OpenSSL 1.0.1 (-beta1 was recently released). This change makes it
possible to disable these protocols and/or enable them without other
protocols.
*) Removed ENGINE_load_builtin_engines() call.
It's already called by OPENSSL_config(). Calling it again causes
some openssl engines (notably GOST) to corrupt memory, as they don't
expect to be created more than once.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sun, 05 Feb 2012 19:15:09 +0000 |
parents | 718f2154b813 |
children | 4919fb357a5d |
comparison
equal
deleted
inserted
replaced
4445:50445a6d469e | 4446:fd40c9ef750d |
---|---|
35 | 35 |
36 static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = { | 36 static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = { |
37 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, | 37 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, |
38 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, | 38 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, |
39 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, | 39 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, |
40 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, | |
41 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, | |
40 { ngx_null_string, 0 } | 42 { ngx_null_string, 0 } |
41 }; | 43 }; |
42 | 44 |
43 | 45 |
44 static ngx_command_t ngx_mail_ssl_commands[] = { | 46 static ngx_command_t ngx_mail_ssl_commands[] = { |
204 | 206 |
205 ngx_conf_merge_value(conf->prefer_server_ciphers, | 207 ngx_conf_merge_value(conf->prefer_server_ciphers, |
206 prev->prefer_server_ciphers, 0); | 208 prev->prefer_server_ciphers, 0); |
207 | 209 |
208 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | 210 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, |
209 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); | 211 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1 |
212 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); | |
210 | 213 |
211 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); | 214 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |
212 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); | 215 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); |
213 | 216 |
214 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); | 217 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); |