diff options
| author | Tim Taubert <tim@timtaubert.de> | 2016-06-15 21:05:30 +0100 |
|---|---|---|
| committer | Tim Taubert <tim@timtaubert.de> | 2016-06-15 21:05:30 +0100 |
| commit | 4f578bfcab740fcfbbb8824822803ad9b3f176cc (patch) | |
| tree | 361da9087f06bd7eb328a82b691044a5c83a48fb /src/event | |
| parent | 6e38998bacb77b1bcaa16a999a722c0c4f961b8e (diff) | |
| download | nginx-4f578bfcab740fcfbbb8824822803ad9b3f176cc.tar.gz nginx-4f578bfcab740fcfbbb8824822803ad9b3f176cc.tar.bz2 | |
SSL: ngx_ssl_ciphers() to set list of ciphers.
This patch moves various OpenSSL-specific function calls into the
OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more
crypto-library-agnostic.
Diffstat (limited to 'src/event')
| -rw-r--r-- | src/event/ngx_event_openssl.c | 24 | ||||
| -rw-r--r-- | src/event/ngx_event_openssl.h | 2 |
2 files changed, 26 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 810c46995..bb9a9006b 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -592,6 +592,30 @@ ngx_ssl_password_callback(char *buf, int size, int rwflag, void *userdata) ngx_int_t +ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers, + ngx_uint_t prefer_server_ciphers) +{ + if (SSL_CTX_set_cipher_list(ssl->ctx, (char *) ciphers->data) == 0) { + ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, + "SSL_CTX_set_cipher_list(\"%V\") failed", + ciphers); + return NGX_ERROR; + } + + if (prefer_server_ciphers) { + SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); + } + +#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER) + /* a temporary 512-bit RSA key is required for export versions of MSIE */ + SSL_CTX_set_tmp_rsa_callback(ssl->ctx, ngx_ssl_rsa512_key_callback); +#endif + + return NGX_OK; +} + + +ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, ngx_int_t depth) { diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h index fc9ec054a..3367d1020 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -144,6 +144,8 @@ ngx_int_t ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *certs, ngx_array_t *keys, ngx_array_t *passwords); ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords); +ngx_int_t ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers, + ngx_uint_t prefer_server_ciphers); ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, ngx_int_t depth); ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, |