[PATCH v2] uwsgi over ssl

Maxim Dounin mdounin at mdounin.ru
Wed Dec 4 19:02:52 UTC 2013


Hello!

On Wed, Dec 04, 2013 at 04:55:53PM +0100, Roberto De Ioris wrote:

> 
> > Hello!
> >
> > On Tue, Nov 19, 2013 at 11:24:50AM +0100, Roberto De Ioris wrote:
> >
> >> Hi, this is a new patch for uwsgi over ssl support aimed at nginx 1.5.x
> >>
> >> It now exposes 4 options:
> >>
> >> uwsgi_ssl
> >>
> >> uwsgi_ssl_session_reuse
> >>
> >> uwsgi_ssl_protocols
> >>
> >> uwsgi_ssl_ciphers
> >
> > Sorry for long delay.  I've looked into this, and I tend to think
> > that "uwsgi_ssl" is a wrong aproach.  E.g., consider the following
> > configuration:
> >
> >     location / {
> >         uwsgi_pass upstream1;
> >         uwsgi_ssl on;
> >
> >         location /nested/ {
> >             uwsgi_pass upstream2;
> >             uwsgi_ssl_protocols TLSv2;
> >         }
> >     }
> >
> > Requests to upstream2 will use SSL, but uwsgi_ssl_protocols won't
> > have any effect.  While this is easy to fix, this is certainly
> > counter-intuitive.
> >
> > Instead, I think it would be better to use something like this:
> >
> >     uwsgi_pass uwsgis://upstream;
> >
> 
> in uWSGI it is marked as "suwsgi" (secure uwsgi), so i think it would be
> better to call it in the same way ;)
> 
> A part from this it is +1 for me

Renamed and committed, thanks!

-- 
Maxim Dounin
http://nginx.org/en/donation.html



More information about the nginx-devel mailing list