Welcome! Log In Create A New Profile

Advanced

ssl_protocols don't respected

Alfred Sawaya
July 02, 2021 12:02PM
Hello,


I am trying to configure an nginx that can accept only one ssl
protocols. In order to do that, I tried to set ssl_protocols to only one
protocol, but it does not work.

The server always accept all TLS versions.


I found that in the source code :

src/http/modules/ngx_http_ssl_module.c : 673

    ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
                         (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
                          |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));


So nginx seems to always activate TLS 1, 1.1 and 1.2. It should rather
respect the directive ssl_protocls, shouldn't it ?

Why it is not :

ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
                         (NGX_CONF_BITMASK_SET));

With a if juste before calling nginx_ssl_create to set conf->protocols
to NGX_SSL_TLSv1 | NGX_SSL_TLSv1_1 | NGX_SSL_TLSv1_2, only if
conf->protocols == 0 ?


(I also tried to use ssl_conf_command with MinProtocol and MaxProtocol,
it does not work either...)


Thank you,

Alfred

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

ssl_protocols don't respected

Alfred Sawaya 73 July 02, 2021 12:02PM

Re: ssl_protocols don't respected

Alfred Sawaya 7 July 02, 2021 12:06PM

Re: ssl_protocols don't respected

Frank Liu 10 July 03, 2021 12:48AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 42
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready