Mercurial > hg > nginx
view src/http/modules/ngx_http_ssl_module.h @ 7413:7c00d8dbdb3a stable-1.14
SSL: logging levels of "unsupported protocol", "version too low".
Starting with OpenSSL 1.1.0, SSL_R_UNSUPPORTED_PROTOCOL instead of
SSL_R_UNKNOWN_PROTOCOL is reported when a protocol is disabled via
an SSL_OP_NO_* option.
Additionally, SSL_R_VERSION_TOO_LOW is reported when using MinProtocol
or when seclevel checks (as set by @SECLEVEL=n in the cipher string)
rejects a protocol, and this is what happens with SSLv3 and @SECLEVEL=1,
which is the default.
There is also the SSL_R_VERSION_TOO_HIGH error code, but it looks like
it is not possible to trigger it.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 16 Jul 2018 17:47:18 +0300 |
parents | 51e1f047d15d |
children | ba971deb4b44 |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_HTTP_SSL_H_INCLUDED_ #define _NGX_HTTP_SSL_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_http.h> typedef struct { ngx_flag_t enable; ngx_ssl_t ssl; ngx_flag_t prefer_server_ciphers; ngx_uint_t protocols; ngx_uint_t verify; ngx_uint_t verify_depth; size_t buffer_size; ssize_t builtin_session_cache; time_t session_timeout; ngx_array_t *certificates; ngx_array_t *certificate_keys; ngx_str_t dhparam; ngx_str_t ecdh_curve; ngx_str_t client_certificate; ngx_str_t trusted_certificate; ngx_str_t crl; ngx_str_t ciphers; ngx_array_t *passwords; ngx_shm_zone_t *shm_zone; ngx_flag_t session_tickets; ngx_array_t *session_ticket_keys; ngx_flag_t stapling; ngx_flag_t stapling_verify; ngx_str_t stapling_file; ngx_str_t stapling_responder; u_char *file; ngx_uint_t line; } ngx_http_ssl_srv_conf_t; extern ngx_module_t ngx_http_ssl_module; #endif /* _NGX_HTTP_SSL_H_INCLUDED_ */