Mercurial > hg > nginx
changeset 6157:b2899e7d0ef8
Disabled SSLv3 by default (ticket #653).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 25 May 2015 17:58:20 +0300 |
parents | a88e309f839b |
children | 884a967c369f |
files | src/http/modules/ngx_http_proxy_module.c src/http/modules/ngx_http_ssl_module.c src/http/modules/ngx_http_uwsgi_module.c src/mail/ngx_mail_ssl_module.c src/stream/ngx_stream_proxy_module.c src/stream/ngx_stream_ssl_module.c |
diffstat | 6 files changed, 9 insertions(+), 12 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/modules/ngx_http_proxy_module.c Mon May 25 17:58:13 2015 +0300 +++ b/src/http/modules/ngx_http_proxy_module.c Mon May 25 17:58:20 2015 +0300 @@ -3168,9 +3168,8 @@ prev->upstream.ssl_session_reuse, 1); ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, - (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3 - |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1 - |NGX_SSL_TLSv1_2)); + (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 + |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, "DEFAULT");
--- a/src/http/modules/ngx_http_ssl_module.c Mon May 25 17:58:13 2015 +0300 +++ b/src/http/modules/ngx_http_ssl_module.c Mon May 25 17:58:20 2015 +0300 @@ -561,7 +561,7 @@ prev->prefer_server_ciphers, 0); ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, - (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1 + (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
--- a/src/http/modules/ngx_http_uwsgi_module.c Mon May 25 17:58:13 2015 +0300 +++ b/src/http/modules/ngx_http_uwsgi_module.c Mon May 25 17:58:20 2015 +0300 @@ -1724,9 +1724,8 @@ prev->upstream.ssl_session_reuse, 1); ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, - (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3 - |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1 - |NGX_SSL_TLSv1_2)); + (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 + |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, "DEFAULT");
--- a/src/mail/ngx_mail_ssl_module.c Mon May 25 17:58:13 2015 +0300 +++ b/src/mail/ngx_mail_ssl_module.c Mon May 25 17:58:20 2015 +0300 @@ -284,7 +284,7 @@ prev->prefer_server_ciphers, 0); ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, - (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1 + (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
--- a/src/stream/ngx_stream_proxy_module.c Mon May 25 17:58:13 2015 +0300 +++ b/src/stream/ngx_stream_proxy_module.c Mon May 25 17:58:20 2015 +0300 @@ -1139,9 +1139,8 @@ prev->ssl_session_reuse, 1); ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, - (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3 - |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1 - |NGX_SSL_TLSv1_2)); + (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 + |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, "DEFAULT");
--- a/src/stream/ngx_stream_ssl_module.c Mon May 25 17:58:13 2015 +0300 +++ b/src/stream/ngx_stream_ssl_module.c Mon May 25 17:58:20 2015 +0300 @@ -211,7 +211,7 @@ prev->prefer_server_ciphers, 0); ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, - (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1 + (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");