nginx.git/src/mail/ngx_mail_ssl_module.c, branch release-1.28.1

SSL: a new macro to set default protocol versions.

2024-11-22T09:47:22+00:00

This simplifies merging protocol values after ea15896 and ebd18ec.

Further, as outlined in ebd18ec18, for libraries preceeding TLSv1.2+
support, only meaningful versions TLSv1 and TLSv1.1 are set by default.

While here, fixed indentation.

SSL: fixed MSVC compilation after ebd18ec1812b.

2024-11-11T18:29:55+00:00

MSVC generates a compilation error in case #if/#endif is used in a macro
parameter.

SSL: disabled TLSv1 and TLSv1.1 by default.

2024-10-31T15:49:00+00:00

TLSv1 and TLSv1.1 are formally deprecated and forbidden to negotiate due
to insufficient security reasons outlined in RFC 8996.

TLSv1 and TLSv1.1 are disabled in BoringSSL e95b0cad9 and LibreSSL 3.8.1
in the way they cannot be enabled in nginx configuration.  In OpenSSL 3.0,
they are only permitted at security level 0 (disabled by default).

The support is dropped in Chrome 84, Firefox 78, and deprecated in Safari.

This change disables TLSv1 and TLSv1.1 by default for OpenSSL 1.0.1 and
newer, where TLSv1.2 support is available.  For older library versions,
which do not have alternatives, these protocol versions remain enabled.

SSL: optional ssl_client_certificate for ssl_verify_client.

2024-09-20T10:43:00+00:00

Starting from TLSv1.1 (as seen since draft-ietf-tls-rfc2246-bis-00),
the "certificate_authorities" field grammar of the CertificateRequest
message was redone to allow no distinguished names.  In TLSv1.3, with
the restructured CertificateRequest message, this can be similarly
done by optionally including the "certificate_authorities" extension.
This allows to avoid sending DNs at all.

In practice, aside from published TLS specifications, all supported
SSL/TLS libraries allow to request client certificates with an empty
DN list for any protocol version.  For instance, when operating in
TLSv1, this results in sending the "certificate_authorities" list as
a zero-length vector, which corresponds to the TLSv1.1 specification.
Such behaviour goes back to SSLeay.

The change relaxes the requirement to specify at least one trusted CA
certificate in the ssl_client_certificate directive, which resulted in
sending DNs of these certificates (closes #142).  Instead, all trusted
CA certificates can be specified now using the ssl_trusted_certificate
directive if needed.  A notable difference that certificates specified
in ssl_trusted_certificate are always loaded remains (see 3648ba7db).

Co-authored-by: Praveen Chaudhary

SSL: removed the "ssl" directive.

2023-06-08T10:49:27+00:00

It has been deprecated since 7270:46c0c7ef4913 (1.15.0) in favour of
the "ssl" parameter of the "listen" directive, which has been available
since 2224:109849282793 (0.7.14).

SSL: enabled TLSv1.3 by default.

2023-03-23T23:57:43+00:00

SSL: improved validation of ssl_session_cache and ssl_ocsp_cache.

2022-10-17T12:24:53+00:00

Now it properly detects invalid shared zone configuration with omitted size.
Previously it used to read outside of the buffer boundary.

Found with AddressSanitizer.

Mail: connections with wrong ALPN protocols are now rejected.

2021-10-20T06:45:34+00:00

This is a recommended behavior by RFC 7301 and is useful
for mitigation of protocol confusion attacks [1].

For POP3 and IMAP protocols IANA-assigned ALPN IDs are used [2].
For the SMTP protocol "smtp" is used.

[1] https://alpaca-attack.com/
[2] https://www.iana.org/assignments/tls-extensiontype-values/

SSL: ciphers now set before loading certificates (ticket #2035).

2021-08-16T19:40:31+00:00

To load old/weak server or client certificates it might be needed to adjust
the security level, as introduced in OpenSSL 1.1.0.  This change ensures that
ciphers are set before loading the certificates, so security level changes
via the cipher string apply to certificate loading.

SSL: fixed build by Sun C with old OpenSSL versions.

2021-03-05T14:16:13+00:00

Sun C complains about "statement not reached" if a "return" is followed
by additional statements.