Klaus Demo nginx / cf9dd76
disable SSLv2 and low ciphers by default Igor Sysoev 12 years ago
2 changed file(s) with 4 addition(s) and 6 deletion(s). Raw diff Collapse all Expand all
1212 ngx_pool_t *pool, ngx_str_t *s);
1313
1414
15 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
15 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM"
1616
1717
1818 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
346346 prev->prefer_server_ciphers, 0);
347347
348348 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
349 (NGX_CONF_BITMASK_SET
350 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
349 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
351350
352351 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
353352 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
88 #include <ngx_mail.h>
99
1010
11 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
11 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM"
1212
1313
1414 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
197197 prev->prefer_server_ciphers, 0);
198198
199199 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
200 (NGX_CONF_BITMASK_SET
201 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
200 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
202201
203202 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
204203 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");