Mercurial > hg > nginx
changeset 3190:dd2ae3872634
disable SSLv2 and low ciphers by default
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Tue, 06 Oct 2009 14:24:53 +0000 |
parents | dcb31433272e |
children | 30f841e2536d |
files | src/http/modules/ngx_http_ssl_module.c src/mail/ngx_mail_ssl_module.c |
diffstat | 2 files changed, 4 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/modules/ngx_http_ssl_module.c Tue Oct 06 13:52:26 2009 +0000 +++ b/src/http/modules/ngx_http_ssl_module.c Tue Oct 06 14:24:53 2009 +0000 @@ -13,7 +13,7 @@ ngx_pool_t *pool, ngx_str_t *s); -#define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" +#define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM" static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, @@ -347,8 +347,7 @@ prev->prefer_server_ciphers, 0); ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, - (NGX_CONF_BITMASK_SET - |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); + (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
--- a/src/mail/ngx_mail_ssl_module.c Tue Oct 06 13:52:26 2009 +0000 +++ b/src/mail/ngx_mail_ssl_module.c Tue Oct 06 14:24:53 2009 +0000 @@ -9,7 +9,7 @@ #include <ngx_mail.h> -#define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" +#define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM" static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf); @@ -198,8 +198,7 @@ prev->prefer_server_ciphers, 0); ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, - (NGX_CONF_BITMASK_SET - |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); + (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");