[PATCH] Proxy: added the "proxy_ssl_ciphers" directive.

Maxim Dounin mdounin at mdounin.ru
Mon Sep 23 14:27:27 UTC 2013


Hello!

On Sun, Sep 22, 2013 at 10:40:23PM -0700, Piotr Sikora wrote:

> # HG changeset patch
> # User Piotr Sikora <piotr at cloudflare.com>
> # Date 1379914582 25200
> #      Sun Sep 22 22:36:22 2013 -0700
> # Node ID 1039d5b5365dd553a5cc3fbca95a6f3aa9ff6dc2
> # Parent  0fbcfab0bfd72dbc40c3ee75665e81a08ed2fa0b
> Proxy: added the "proxy_ssl_ciphers" directive.

Already asked in another thread if it really worth adding.

[...]

> +#define NGX_DEFAULT_CIPHERS  "HIGH:!aNULL:!MD5"

[...]

> +    ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
> +                             NGX_DEFAULT_CIPHERS);

This modifies current behaviour, and only allows to use 
HIGH:!aNULL:!MD5 chipers by default.  Are there any specific 
reasons to?

The "!aNULL" looks especially wierd, as we don't check peers 
certificates anyway.

-- 
Maxim Dounin
http://nginx.org/en/donation.html



More information about the nginx-devel mailing list