From 8bfb37e9f0e808483cd9754c020292a9cb35e342 Mon Sep 17 00:00:00 2001
From: Maxim Dounin <mdounin@mdounin.ru>
Date: Sun, 5 Feb 2012 19:15:09 +0000
Subject: Merge of r4401, r4415:

SSL changes:

*) Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.

   Support for TLSv1.1 and TLSv1.2 protocols was introduced in
   OpenSSL 1.0.1 (-beta1 was recently released).  This change makes it
   possible to disable these protocols and/or enable them without other
   protocols.

*) Removed ENGINE_load_builtin_engines() call.

   It's already called by OPENSSL_config().  Calling it again causes
   some openssl engines (notably GOST) to corrupt memory, as they don't
   expect to be created more than once.
---
 src/http/modules/ngx_http_proxy_module.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/http/modules/ngx_http_proxy_module.c')

diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index 64a853c6d..05248a839 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -2766,7 +2766,9 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
     plcf->upstream.ssl->log = cf->log;
 
     if (ngx_ssl_create(plcf->upstream.ssl,
-                       NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1, NULL)
+                       NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1
+                                    |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2,
+                       NULL)
         != NGX_OK)
     {
         return NGX_ERROR;
-- 
cgit