
[PATCH] Proxy: added the "proxy_ssl_ciphers" directive.

Piotr Sikora
September 23, 2013 01:42AM
# HG changeset patch
# User Piotr Sikora <piotr@cloudflare.com>
# Date 1379914582 25200
# Sun Sep 22 22:36:22 2013 -0700
# Node ID 1039d5b5365dd553a5cc3fbca95a6f3aa9ff6dc2
# Parent 0fbcfab0bfd72dbc40c3ee75665e81a08ed2fa0b
Proxy: added the "proxy_ssl_ciphers" directive.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>

diff -r 0fbcfab0bfd7 -r 1039d5b5365d src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c Sun Sep 22 22:36:11 2013 -0700
+++ b/src/http/modules/ngx_http_proxy_module.c Sun Sep 22 22:36:22 2013 -0700
@@ -10,6 +10,9 @@
#include <ngx_http.h>


+#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+
+
typedef struct ngx_http_proxy_rewrite_s ngx_http_proxy_rewrite_t;

typedef ngx_int_t (*ngx_http_proxy_rewrite_pt)(ngx_http_request_t *r,
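Review bot: The default cipher string is added here as a file-local `NGX_DEFAULT_CIPHERS`, which looks like a second copy of the default used by the server-side SSL module (that file is not part of this patch, so this is inferred). Two independent copies of a security-relevant default can drift apart when one is tightened later, so a shared definition would be safer, or at least a comment such as `/* default cipher list for connections to proxied HTTPS servers; keep in sync with the ssl module default */`. The macro is also defined unconditionally, while the `ssl_ciphers` field it feeds is declared under `#if (NGX_HTTP_SSL)`; putting the define under the same guard would match the rest of the file.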
@@ -80,6 +83,7 @@ typedef struct {
#if (NGX_HTTP_SSL)
ngx_uint_t ssl;
ngx_uint_t ssl_protocols;
+ ngx_str_t ssl_ciphers;
#endif
} ngx_http_proxy_loc_conf_t;

@@ -538,6 +542,13 @@ static ngx_command_t ngx_http_proxy_com
offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols),
&ngx_http_proxy_ssl_protocols },

+ { ngx_string("proxy_ssl_ciphers"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_proxy_loc_conf_t, ssl_ciphers),
+ NULL },
+
#endif

ngx_null_command
@@ -2414,6 +2425,7 @@ ngx_http_proxy_create_loc_conf(ngx_conf_
* conf->redirects = NULL;
* conf->ssl = 0;
* conf->ssl_protocols = 0;
+ * conf->ssl_ciphers = { 0, NULL };
*/

conf->upstream.store = NGX_CONF_UNSET;
@@ -2735,6 +2747,9 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
|NGX_SSL_TLSv1_2));

+ ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
+ NGX_DEFAULT_CIPHERS);
+
if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) {
return NGX_CONF_ERROR;
}
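Review bot: The merged `ssl_ciphers` value is only validated when `conf->ssl` is set, because `ngx_http_proxy_set_ssl()` is the sole place that hands it to OpenSSL. A mistyped cipher string in a block without an https upstream therefore passes the configuration test silently, and only fails once a location that enables SSL inherits it. That is worth a comment above the merge, e.g. `/* validated in ngx_http_proxy_set_ssl(), i.e. only where conf->ssl is set */`, and a sentence in the directive's documentation. The function body starts and ends outside this hunk.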
@@ -3784,6 +3799,16 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, n
return NGX_ERROR;
}

+ if (SSL_CTX_set_cipher_list(plcf->upstream.ssl->ctx,
+ (const char *) plcf->ssl_ciphers.data)
+ == 0)
+ {
+ ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
+ "SSL_CTX_set_cipher_list(\"%V\") failed",
+ &plcf->ssl_ciphers);
+ return NGX_ERROR;
+ }
+
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
return NGX_ERROR;
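Review bot: The new `return NGX_ERROR` on `SSL_CTX_set_cipher_list()` failure runs before `ngx_pool_cleanup_add()`, so an SSL context created just above would have no cleanup handler on this path. Context creation is outside the hunk and only inferred from the preceding error return, and the pool's lifetime is likewise not visible, so whether a rejected cipher string can actually leak the context (for example on a failed reload) should be confirmed. Moving the cipher check below the cleanup registration avoids the question. Separately, the `(const char *) plcf->ssl_ciphers.data` cast relies on the `ngx_str_t` being NUL-terminated; that holds for a configuration token and for the string-literal default, but deserves a short comment such as `/* ssl_ciphers.data is NUL-terminated: conf token or literal default */` so a later change to how the value is built does not break it silently.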
