Mercurial > hg > nginx

comparison src/mail/ngx_mail_ssl_module.c @ 4446:fd40c9ef750d stable-1.0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merge of r4401, r4415: SSL changes: *) Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Support for TLSv1.1 and TLSv1.2 protocols was introduced in OpenSSL 1.0.1 (-beta1 was recently released). This change makes it possible to disable these protocols and/or enable them without other protocols. *) Removed ENGINE_load_builtin_engines() call. It's already called by OPENSSL_config(). Calling it again causes some openssl engines (notably GOST) to corrupt memory, as they don't expect to be created more than once.
author Maxim Dounin <mdounin@mdounin.ru>
date Sun, 05 Feb 2012 19:15:09 +0000
parents 718f2154b813
children 4919fb357a5d
comparison
equal deleted inserted replaced
4445:50445a6d469e 4446:fd40c9ef750d
35 35
36 static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = { 36 static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = {
37 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, 37 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
38 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, 38 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
39 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, 39 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
40 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
41 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
40 { ngx_null_string, 0 } 42 { ngx_null_string, 0 }
41 }; 43 };
42 44
43 45
44 static ngx_command_t ngx_mail_ssl_commands[] = { 46 static ngx_command_t ngx_mail_ssl_commands[] = {
204 206
205 ngx_conf_merge_value(conf->prefer_server_ciphers, 207 ngx_conf_merge_value(conf->prefer_server_ciphers,
206 prev->prefer_server_ciphers, 0); 208 prev->prefer_server_ciphers, 0);
207 209
208 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, 210 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
209 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); 211 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
212 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
210 213
211 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); 214 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
212 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); 215 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
213 216
214 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); 217 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");