Mercurial > hg > nginx

diff src/event/ngx_event_openssl.c @ 6981:08dc60979133

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: added support for TLSv1.3 in ssl_protocols directive. Support for the TLSv1.3 protocol will be introduced in OpenSSL 1.1.1.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 18 Apr 2017 15:12:38 +0300
parents 5cb85b0ee00b
children ac9b1df5b246
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -323,6 +323,12 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_
         SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
     }
 #endif
+#ifdef SSL_OP_NO_TLSv1_3
+    SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
+    if (!(protocols & NGX_SSL_TLSv1_3)) {
+        SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
+    }
+#endif
 
 #ifdef SSL_OP_NO_COMPRESSION
     SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);