IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-12-19 21:53:31 -06:00
Code Issues Packages Projects Releases Wiki Activity

Proxy: added the "proxy_ssl_ciphers" directive.

Browse Source 
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
This commit is contained in:
Piotr Sikora 2013-09-23 15:58:28 -07:00
parent e11584164f
commit 43736b12de
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/http/modules/ngx_http_proxy_module.c
View File

@ -80,6 +80,7 @@ typedef struct {
#if (NGX_HTTP_SSL) #if (NGX_HTTP_SSL)
ngx_uint_t ssl; ngx_uint_t ssl;
ngx_uint_t ssl_protocols; ngx_uint_t ssl_protocols;
ngx_str_t ssl_ciphers;
#endif #endif
} ngx_http_proxy_loc_conf_t; } ngx_http_proxy_loc_conf_t;
@ -538,6 +539,13 @@ static ngx_command_t ngx_http_proxy_commands[] = {
offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols), offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols),
&ngx_http_proxy_ssl_protocols }, &ngx_http_proxy_ssl_protocols },
{ ngx_string("proxy_ssl_ciphers"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_proxy_loc_conf_t, ssl_ciphers),
NULL },
#endif #endif
ngx_null_command ngx_null_command
@ -2414,6 +2422,7 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
* conf->redirects = NULL; * conf->redirects = NULL;
* conf->ssl = 0; * conf->ssl = 0;
* conf->ssl_protocols = 0; * conf->ssl_protocols = 0;
* conf->ssl_ciphers = { 0, NULL };
*/ */
conf->upstream.store = NGX_CONF_UNSET; conf->upstream.store = NGX_CONF_UNSET;
@ -2735,6 +2744,9 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1 |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
|NGX_SSL_TLSv1_2)); |NGX_SSL_TLSv1_2));
ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
"DEFAULT");
if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) { if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) {
return NGX_CONF_ERROR; return NGX_CONF_ERROR;
} }
@ -3784,6 +3796,16 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
return NGX_ERROR; return NGX_ERROR;
} }
if (SSL_CTX_set_cipher_list(plcf->upstream.ssl->ctx,
(const char *) plcf->ssl_ciphers.data)
== 0)
{
ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
"SSL_CTX_set_cipher_list(\"%V\") failed",
&plcf->ssl_ciphers);
return NGX_ERROR;
}
cln = ngx_pool_cleanup_add(cf->pool, 0); cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) { if (cln == NULL) {
return NGX_ERROR; return NGX_ERROR;