diff options
| author | Sergey Kandaurov <pluknet@nginx.com> | 2017-04-18 15:12:38 +0300 |
|---|---|---|
| committer | Sergey Kandaurov <pluknet@nginx.com> | 2017-04-18 15:12:38 +0300 |
| commit | 9a37eb3a62130473596e0e4c2e388d80bdb14956 (patch) | |
| tree | 55d5165ecab0200b8b9258572397b42c3921bd9b /src/event | |
| parent | 05841adfb2e5d50dee066b6f92cbb95b78c5b725 (diff) | |
| download | nginx-9a37eb3a62130473596e0e4c2e388d80bdb14956.tar.gz nginx-9a37eb3a62130473596e0e4c2e388d80bdb14956.tar.bz2 | |
SSL: added support for TLSv1.3 in ssl_protocols directive.
Support for the TLSv1.3 protocol will be introduced in OpenSSL 1.1.1.
Diffstat (limited to 'src/event')
| -rw-r--r-- | src/event/ngx_event_openssl.c | 6 | ||||
| -rw-r--r-- | src/event/ngx_event_openssl.h | 1 |
2 files changed, 7 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 8c7c67704..eb418314d 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -323,6 +323,12 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2); } #endif +#ifdef SSL_OP_NO_TLSv1_3 + SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_3); + if (!(protocols & NGX_SSL_TLSv1_3)) { + SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_3); + } +#endif #ifdef SSL_OP_NO_COMPRESSION SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION); diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h index e093e10c5..607ee9011 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -131,6 +131,7 @@ typedef struct { #define NGX_SSL_TLSv1 0x0008 #define NGX_SSL_TLSv1_1 0x0010 #define NGX_SSL_TLSv1_2 0x0020 +#define NGX_SSL_TLSv1_3 0x0040 #define NGX_SSL_BUFFER 1 |