mirror of
https://github.com/nginx/nginx.git
synced 2024-12-19 21:53:31 -06:00
Proxy: added the "proxy_ssl_protocols" directive.
This commit is contained in:
parent
0a5124502d
commit
003b2cd720
@ -76,6 +76,11 @@ typedef struct {
|
||||
|
||||
ngx_uint_t headers_hash_max_size;
|
||||
ngx_uint_t headers_hash_bucket_size;
|
||||
|
||||
#if (NGX_HTTP_SSL)
|
||||
ngx_uint_t ssl;
|
||||
ngx_uint_t ssl_protocols;
|
||||
#endif
|
||||
} ngx_http_proxy_loc_conf_t;
|
||||
|
||||
|
||||
@ -186,6 +191,20 @@ static ngx_conf_bitmask_t ngx_http_proxy_next_upstream_masks[] = {
|
||||
};
|
||||
|
||||
|
||||
#if (NGX_HTTP_SSL)
|
||||
|
||||
static ngx_conf_bitmask_t ngx_http_proxy_ssl_protocols[] = {
|
||||
{ ngx_string("SSLv2"), NGX_SSL_SSLv2 },
|
||||
{ ngx_string("SSLv3"), NGX_SSL_SSLv3 },
|
||||
{ ngx_string("TLSv1"), NGX_SSL_TLSv1 },
|
||||
{ ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
|
||||
{ ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
|
||||
{ ngx_null_string, 0 }
|
||||
};
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
static ngx_conf_enum_t ngx_http_proxy_http_version[] = {
|
||||
{ ngx_string("1.0"), NGX_HTTP_VERSION_10 },
|
||||
{ ngx_string("1.1"), NGX_HTTP_VERSION_11 },
|
||||
@ -512,6 +531,13 @@ static ngx_command_t ngx_http_proxy_commands[] = {
|
||||
offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_session_reuse),
|
||||
NULL },
|
||||
|
||||
{ ngx_string("proxy_ssl_protocols"),
|
||||
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
|
||||
ngx_conf_set_bitmask_slot,
|
||||
NGX_HTTP_LOC_CONF_OFFSET,
|
||||
offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols),
|
||||
&ngx_http_proxy_ssl_protocols },
|
||||
|
||||
#endif
|
||||
|
||||
ngx_null_command
|
||||
@ -2386,6 +2412,8 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
|
||||
* conf->body_set = NULL;
|
||||
* conf->body_source = { 0, NULL };
|
||||
* conf->redirects = NULL;
|
||||
* conf->ssl = 0;
|
||||
* conf->ssl_protocols = 0;
|
||||
*/
|
||||
|
||||
conf->upstream.store = NGX_CONF_UNSET;
|
||||
@ -2701,6 +2729,15 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
||||
#if (NGX_HTTP_SSL)
|
||||
ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
|
||||
prev->upstream.ssl_session_reuse, 1);
|
||||
|
||||
ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
|
||||
(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3
|
||||
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
|
||||
|NGX_SSL_TLSv1_2));
|
||||
|
||||
if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
#endif
|
||||
|
||||
ngx_conf_merge_value(conf->redirect, prev->redirect, 1);
|
||||
@ -3146,9 +3183,7 @@ ngx_http_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
}
|
||||
|
||||
#if (NGX_HTTP_SSL)
|
||||
if (ngx_http_proxy_set_ssl(cf, plcf) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
plcf->ssl = 1;
|
||||
#endif
|
||||
|
||||
return NGX_CONF_OK;
|
||||
@ -3161,9 +3196,7 @@ ngx_http_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
} else if (ngx_strncasecmp(url->data, (u_char *) "https://", 8) == 0) {
|
||||
|
||||
#if (NGX_HTTP_SSL)
|
||||
if (ngx_http_proxy_set_ssl(cf, plcf) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
plcf->ssl = 1;
|
||||
|
||||
add = 8;
|
||||
port = 443;
|
||||
@ -3745,10 +3778,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
|
||||
|
||||
plcf->upstream.ssl->log = cf->log;
|
||||
|
||||
if (ngx_ssl_create(plcf->upstream.ssl,
|
||||
NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1
|
||||
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2,
|
||||
NULL)
|
||||
if (ngx_ssl_create(plcf->upstream.ssl, plcf->ssl_protocols, NULL)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return NGX_ERROR;
|
||||
|
Loading…
Reference in New Issue
Block a user