[PATCH] Proxy: added the "proxy_ssl_ciphers" directive.
Maxim Dounin
mdounin at mdounin.ru
Mon Sep 23 14:27:27 UTC 2013
Hello!
On Sun, Sep 22, 2013 at 10:40:23PM -0700, Piotr Sikora wrote:
> # HG changeset patch
> # User Piotr Sikora <piotr at cloudflare.com>
> # Date 1379914582 25200
> # Sun Sep 22 22:36:22 2013 -0700
> # Node ID 1039d5b5365dd553a5cc3fbca95a6f3aa9ff6dc2
> # Parent 0fbcfab0bfd72dbc40c3ee75665e81a08ed2fa0b
> Proxy: added the "proxy_ssl_ciphers" directive.
Already asked in another thread if it really worth adding.
[...]
> +#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
[...]
> + ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
> + NGX_DEFAULT_CIPHERS);
This modifies current behaviour, and only allows to use
HIGH:!aNULL:!MD5 chipers by default. Are there any specific
reasons to?
The "!aNULL" looks especially wierd, as we don't check peers
certificates anyway.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx-devel
mailing list