On Tuesday 14 Jun 2011 13:04:18 António P. P. Almeida wrote:
> On 14 Jun 2011 09h58 WEST, rob.stradling@comodo.com wrote:
<snip>
> > -#define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5"
> > +#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
<snip>
> Shouldn't there be some sort of check for the OpenSSH version?
>
> #if OPENSSL_VERSION_NUMBER >= 0x100000000
> (after 1.x code)
> #else
> (before 1.x code)
> #endif
>
> If I understood correctly this is something that appeared in 1.x. not
> existing in 0.9.x.
>
> Is it so?
Yes, the behaviour changed between OpenSSL 0.9.x and 1.x: the ECC ciphersuites
are now included in the ALL, DEFAULT, HIGH, etc, cipher strings. However,
there is no need for any check on the OpenSSL version number. Changing !ADH
to !aNULL is also appropriate for 0.9.x.
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://nginx.org/mailman/listinfo/nginx-devel