[nginx] Proxy: added the "proxy_ssl_protocols" directive.

Piotr Sikora piotr at cloudflare.com
Mon Sep 23 05:47:05 UTC 2013


Hi Andrei,

> +#if (NGX_HTTP_SSL)
> +
> +static ngx_conf_bitmask_t  ngx_http_proxy_ssl_protocols[] = {
> +    { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
> +    { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
> +    { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
> +    { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
> +    { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
> +    { ngx_null_string, 0 }
> +};
> +
> +#endif
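
Review bot: the `{ ngx_string("SSLv2"), NGX_SSL_SSLv2 }` entry at the top of the table makes SSLv2 selectable for connections to upstream servers, and RFC 6176 prohibits negotiating SSLv2. Consider dropping that entry from the proxy table, or at least stating in the directive's documentation that SSLv2 should stay disabled. A short comment above the array naming the directive that consumes it would also help, since the table carries no description in this hunk.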

I'm a bit biased, because I was cleaning up a patchset with
"proxy_ssl_protocols" and "proxy_ssl_ciphers" directives to send to
the mailing list when you committed this, but wouldn't it make more
sense to either expose & reuse ngx_http_ssl_protocols or ideally push
this and other definitions back to ngx_event_openssl module instead of
having exactly the same bitmask & NGX_DEFAULT_CIPHERS defined in 3
different places (ngx_http_ssl_module, ngx_http_proxy_ssl_module &
ngx_mail_ssl_module)?

Best regards,
Piotr Sikora


