Mercurial > hg > nginx
changeset 3938:1e90599af73b
use !aNULL to disable all anonymous cipher suites
patch by Rob Stradling
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Mon, 27 Jun 2011 15:47:51 +0000 |
parents | 92badf634ba8 |
children | 3cbbe86a7a95 |
files | conf/nginx.conf src/http/modules/ngx_http_ssl_module.c src/mail/ngx_mail_ssl_module.c |
diffstat | 3 files changed, 3 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/conf/nginx.conf Mon Jun 27 15:34:44 2011 +0000 +++ b/conf/nginx.conf Mon Jun 27 15:47:51 2011 +0000 @@ -106,7 +106,7 @@ # ssl_session_timeout 5m; # ssl_protocols SSLv2 SSLv3 TLSv1; - # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; + # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / {
--- a/src/http/modules/ngx_http_ssl_module.c Mon Jun 27 15:34:44 2011 +0000 +++ b/src/http/modules/ngx_http_ssl_module.c Mon Jun 27 15:47:51 2011 +0000 @@ -13,7 +13,7 @@ ngx_pool_t *pool, ngx_str_t *s); -#define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5" +#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5" static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
--- a/src/mail/ngx_mail_ssl_module.c Mon Jun 27 15:34:44 2011 +0000 +++ b/src/mail/ngx_mail_ssl_module.c Mon Jun 27 15:47:51 2011 +0000 @@ -9,7 +9,7 @@ #include <ngx_mail.h> -#define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5" +#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5" static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);