
[nginx] SSL: added support for TLSv1.3 in ssl_protocols directive.

Sergey Kandaurov
April 18, 2017 09:52AM
details: http://hg.nginx.org/nginx/rev/08dc60979133
branches:
changeset: 6981:08dc60979133
user: Sergey Kandaurov <pluknet@nginx.com>
date: Tue Apr 18 15:12:38 2017 +0300
description:
SSL: added support for TLSv1.3 in ssl_protocols directive.

Support for the TLSv1.3 protocol will be introduced in OpenSSL 1.1.1.

diffstat:

src/event/ngx_event_openssl.c | 6 ++++++
src/event/ngx_event_openssl.h | 1 +
src/http/modules/ngx_http_proxy_module.c | 1 +
src/http/modules/ngx_http_ssl_module.c | 1 +
src/http/modules/ngx_http_uwsgi_module.c | 1 +
src/mail/ngx_mail_ssl_module.c | 1 +
src/stream/ngx_stream_proxy_module.c | 1 +
src/stream/ngx_stream_ssl_module.c | 1 +
8 files changed, 13 insertions(+), 0 deletions(-)

diffs (93 lines):

diff -r dbb0c854e308 -r 08dc60979133 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Tue Apr 11 16:41:53 2017 +0300
+++ b/src/event/ngx_event_openssl.c Tue Apr 18 15:12:38 2017 +0300
@@ -323,6 +323,12 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
}
#endif
+#ifdef SSL_OP_NO_TLSv1_3
+ SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
+ if (!(protocols & NGX_SSL_TLSv1_3)) {
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_3);
+ }
+#endif

#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
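Review bot: The `TLSv1.3` keyword is accepted unconditionally by the six `ngx_conf_bitmask_t` tables changed later in this patch, but the enforcement added here is compiled only under `#ifdef SSL_OP_NO_TLSv1_3`, so on a library that lacks the macro the requested protocol is dropped silently. An operator who configures only `TLSv1.3` on such a build would presumably end up with the older protocols disabled by the preceding blocks (only the TLSv1.2 one is visible here) and no TLSv1.3 either, with nothing in the log to explain the failed handshakes. An `#else` branch that logs a warning when the bit is set would make the mismatch visible; the sketch below assumes `ssl->log` is usable at this point in ngx_ssl_create, whose body starts and ends outside the hunk.

```c
#ifdef SSL_OP_NO_TLSv1_3
    /* … unchanged: clear SSL_OP_NO_TLSv1_3, then set it unless requested … */
#else
    if (protocols & NGX_SSL_TLSv1_3) {
        ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
                      "TLSv1.3 is configured but not supported "
                      "by the SSL library nginx was built with");
    }
#endif
```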
diff -r dbb0c854e308 -r 08dc60979133 src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h Tue Apr 11 16:41:53 2017 +0300
+++ b/src/event/ngx_event_openssl.h Tue Apr 18 15:12:38 2017 +0300
@@ -131,6 +131,7 @@ typedef struct {
#define NGX_SSL_TLSv1 0x0008
#define NGX_SSL_TLSv1_1 0x0010
#define NGX_SSL_TLSv1_2 0x0020
+#define NGX_SSL_TLSv1_3 0x0040


#define NGX_SSL_BUFFER 1
diff -r dbb0c854e308 -r 08dc60979133 src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c Tue Apr 11 16:41:53 2017 +0300
+++ b/src/http/modules/ngx_http_proxy_module.c Tue Apr 18 15:12:38 2017 +0300
@@ -235,6 +235,7 @@ static ngx_conf_bitmask_t ngx_http_prox
{ ngx_string("TLSv1"), NGX_SSL_TLSv1 },
{ ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
{ ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
+ { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
{ ngx_null_string, 0 }
};

diff -r dbb0c854e308 -r 08dc60979133 src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c Tue Apr 11 16:41:53 2017 +0300
+++ b/src/http/modules/ngx_http_ssl_module.c Tue Apr 18 15:12:38 2017 +0300
@@ -57,6 +57,7 @@ static ngx_conf_bitmask_t ngx_http_ssl_
{ ngx_string("TLSv1"), NGX_SSL_TLSv1 },
{ ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
{ ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
+ { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
{ ngx_null_string, 0 }
};

diff -r dbb0c854e308 -r 08dc60979133 src/http/modules/ngx_http_uwsgi_module.c
--- a/src/http/modules/ngx_http_uwsgi_module.c Tue Apr 11 16:41:53 2017 +0300
+++ b/src/http/modules/ngx_http_uwsgi_module.c Tue Apr 18 15:12:38 2017 +0300
@@ -129,6 +129,7 @@ static ngx_conf_bitmask_t ngx_http_uwsg
{ ngx_string("TLSv1"), NGX_SSL_TLSv1 },
{ ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
{ ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
+ { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
{ ngx_null_string, 0 }
};

diff -r dbb0c854e308 -r 08dc60979133 src/mail/ngx_mail_ssl_module.c
--- a/src/mail/ngx_mail_ssl_module.c Tue Apr 11 16:41:53 2017 +0300
+++ b/src/mail/ngx_mail_ssl_module.c Tue Apr 18 15:12:38 2017 +0300
@@ -42,6 +42,7 @@ static ngx_conf_bitmask_t ngx_mail_ssl_
{ ngx_string("TLSv1"), NGX_SSL_TLSv1 },
{ ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
{ ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
+ { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
{ ngx_null_string, 0 }
};

diff -r dbb0c854e308 -r 08dc60979133 src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c Tue Apr 11 16:41:53 2017 +0300
+++ b/src/stream/ngx_stream_proxy_module.c Tue Apr 18 15:12:38 2017 +0300
@@ -103,6 +103,7 @@ static ngx_conf_bitmask_t ngx_stream_pr
{ ngx_string("TLSv1"), NGX_SSL_TLSv1 },
{ ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
{ ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
+ { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
{ ngx_null_string, 0 }
};

diff -r dbb0c854e308 -r 08dc60979133 src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c Tue Apr 11 16:41:53 2017 +0300
+++ b/src/stream/ngx_stream_ssl_module.c Tue Apr 18 15:12:38 2017 +0300
@@ -45,6 +45,7 @@ static ngx_conf_bitmask_t ngx_stream_ss
{ ngx_string("TLSv1"), NGX_SSL_TLSv1 },
{ ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
{ ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
+ { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
{ ngx_null_string, 0 }
};

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel