Mercurial > hg > nginx
diff src/http/modules/ngx_http_ssl_module.c @ 4400:a0505851e70c
Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Support for TLSv1.1 and TLSv1.2 protocols was introduced in OpenSSL 1.0.1
(-beta1 was recently released). This change makes it possible to disable
these protocols and/or enable them without other protocols.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 11 Jan 2012 11:15:00 +0000 |
parents | e444e8f6538b |
children | d620f497c50f |
line wrap: on
line diff
--- a/src/http/modules/ngx_http_ssl_module.c Wed Jan 11 11:09:05 2012 +0000 +++ b/src/http/modules/ngx_http_ssl_module.c Wed Jan 11 11:15:00 2012 +0000 @@ -37,6 +37,8 @@ { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, + { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, + { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, { ngx_null_string, 0 } }; @@ -364,7 +366,8 @@ prev->prefer_server_ciphers, 0); ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, - (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); + (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1 + |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);