Mercurial > hg > nginx

changeset 3938:1e90599af73b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
use !aNULL to disable all anonymous cipher suites patch by Rob Stradling
author Igor Sysoev <igor@sysoev.ru>
date Mon, 27 Jun 2011 15:47:51 +0000
parents 92badf634ba8
children 3cbbe86a7a95
files conf/nginx.conf src/http/modules/ngx_http_ssl_module.c src/mail/ngx_mail_ssl_module.c
diffstat 3 files changed, 3 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -106,7 +106,7 @@ http {
     #    ssl_session_timeout  5m;
 
     #    ssl_protocols  SSLv2 SSLv3 TLSv1;
-    #    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
+    #    ssl_ciphers  HIGH:!aNULL:!MD5;
     #    ssl_prefer_server_ciphers   on;
 
     #    location / {
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -13,7 +13,7 @@ typedef ngx_int_t (*ngx_ssl_variable_han
     ngx_pool_t *pool, ngx_str_t *s);
 
 
-#define NGX_DEFAULT_CIPHERS  "HIGH:!ADH:!MD5"
+#define NGX_DEFAULT_CIPHERS  "HIGH:!aNULL:!MD5"
 
 
 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -9,7 +9,7 @@
 #include <ngx_mail.h>
 
 
-#define NGX_DEFAULT_CIPHERS  "HIGH:!ADH:!MD5"
+#define NGX_DEFAULT_CIPHERS  "HIGH:!aNULL:!MD5"
 
 
 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);