Proxy: added the "proxy_ssl_ciphers" directive.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
parent
e11584164f
commit
43736b12de
@ -80,6 +80,7 @@ typedef struct {
|
|||||||
#if (NGX_HTTP_SSL)
|
#if (NGX_HTTP_SSL)
|
||||||
ngx_uint_t ssl;
|
ngx_uint_t ssl;
|
||||||
ngx_uint_t ssl_protocols;
|
ngx_uint_t ssl_protocols;
|
||||||
|
ngx_str_t ssl_ciphers;
|
||||||
#endif
|
#endif
|
||||||
} ngx_http_proxy_loc_conf_t;
|
} ngx_http_proxy_loc_conf_t;
|
||||||
|
|
||||||
@ -538,6 +539,13 @@ static ngx_command_t ngx_http_proxy_commands[] = {
|
|||||||
offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols),
|
offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols),
|
||||||
&ngx_http_proxy_ssl_protocols },
|
&ngx_http_proxy_ssl_protocols },
|
||||||
|
|
||||||
|
{ ngx_string("proxy_ssl_ciphers"),
|
||||||
|
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
|
||||||
|
ngx_conf_set_str_slot,
|
||||||
|
NGX_HTTP_LOC_CONF_OFFSET,
|
||||||
|
offsetof(ngx_http_proxy_loc_conf_t, ssl_ciphers),
|
||||||
|
NULL },
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
ngx_null_command
|
ngx_null_command
|
||||||
@ -2414,6 +2422,7 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
|
|||||||
* conf->redirects = NULL;
|
* conf->redirects = NULL;
|
||||||
* conf->ssl = 0;
|
* conf->ssl = 0;
|
||||||
* conf->ssl_protocols = 0;
|
* conf->ssl_protocols = 0;
|
||||||
|
* conf->ssl_ciphers = { 0, NULL };
|
||||||
*/
|
*/
|
||||||
|
|
||||||
conf->upstream.store = NGX_CONF_UNSET;
|
conf->upstream.store = NGX_CONF_UNSET;
|
||||||
@ -2735,6 +2744,9 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||||||
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
|
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
|
||||||
|NGX_SSL_TLSv1_2));
|
|NGX_SSL_TLSv1_2));
|
||||||
|
|
||||||
|
ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
|
||||||
|
"DEFAULT");
|
||||||
|
|
||||||
if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) {
|
if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) {
|
||||||
return NGX_CONF_ERROR;
|
return NGX_CONF_ERROR;
|
||||||
}
|
}
|
||||||
@ -3784,6 +3796,16 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
|
|||||||
return NGX_ERROR;
|
return NGX_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (SSL_CTX_set_cipher_list(plcf->upstream.ssl->ctx,
|
||||||
|
(const char *) plcf->ssl_ciphers.data)
|
||||||
|
== 0)
|
||||||
|
{
|
||||||
|
ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
|
||||||
|
"SSL_CTX_set_cipher_list(\"%V\") failed",
|
||||||
|
&plcf->ssl_ciphers);
|
||||||
|
return NGX_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
cln = ngx_pool_cleanup_add(cf->pool, 0);
|
cln = ngx_pool_cleanup_add(cf->pool, 0);
|
||||||
if (cln == NULL) {
|
if (cln == NULL) {
|
||||||
return NGX_ERROR;
|
return NGX_ERROR;
|
||||||
|
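Review bot: The `"DEFAULT"` fallback passed to `ngx_conf_merge_str_value` in the ngx_http_proxy_merge_loc_conf hunk leaves the upstream cipher choice to the built-in list of whichever OpenSSL the binary is linked against, so a location that never sets proxy_ssl_ciphers gets a cipher set that varies by library version and may be weaker than an operator would choose. That presumably preserves the behaviour from before the directive existed, but the code does not say so; I would add a comment above the merge such as `/* "DEFAULT" is OpenSSL's own default list; keeps pre-directive behaviour */` and state the default in the directive documentation. In the ngx_http_proxy_set_ssl hunk, the cast `(const char *) plcf->ssl_ciphers.data` relies on the ngx_str_t being NUL-terminated, which appears to hold for a configuration token and for the literal default but is not enforced here; a one-line comment noting that assumption would help. Both functions begin and end outside the hunks shown.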