From 8d7b1d222e7a7a9de35594eac18bd00308d5e7f9 Mon Sep 17 00:00:00 2001 From: Igor Sysoev Date: Mon, 27 Jun 2011 15:47:51 +0000 Subject: [PATCH] use !aNULL to disable all anonymous cipher suites patch by Rob Stradling --- conf/nginx.conf | 2 +- src/http/modules/ngx_http_ssl_module.c | 2 +- src/mail/ngx_mail_ssl_module.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 672ce8c83..3bb338936 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -106,7 +106,7 @@ http { # ssl_session_timeout 5m; # ssl_protocols SSLv2 SSLv3 TLSv1; - # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; + # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index ee6cc6f05..1860050d3 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -13,7 +13,7 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); -#define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5" +#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5" static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c index de463e96b..9dd9dfd15 100644 --- a/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c @@ -9,7 +9,7 @@ #include -#define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5" +#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5" static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);