[PATCH] Enable SSL_OP_PRIORITIZE_CHACHA for server-side SSL contexts

Pascal Ernster nginx-devel at hardfalcon.net
Sat May 4 01:18:12 UTC 2019

Hi Maxim,

[2019-05-04 02:37] Maxim Dounin:
> Thank you for the patch.
> See comments here:
> https://trac.nginx.org/nginx/ticket/1445

In the first comment on that ticket, you write

> At most, we can consider a generic interface to set various OpenSSL options.

Would there be a realistic chance of you accepting a patch that simply
exposes OpenSSL's SSL_CONF_cmd() through the nginx config file(s)?

It would of course do the obvious basic checks using
SSL_CONF_cmd_value_type() like
"Does the requested option exist in OpenSSL?",
"If a file/directory was specified, does it exist and is it readable?",
"If a relative file/directory was specified, prepend the nginx
configuration directory path to the string.",
and would of course check the return value of SSL_CONF_cmd() itself, but
it would *not* try to do anything further like "Prevent the user from
overriding settings made through other nginx configuration directives".

Since I'm not too experienced in writing C code, it would be quite a bit
of work for me, so I'd like to know beforehand if it would be worth the
effort at all, or if you'd reject the patch anyhow.


More information about the nginx-devel mailing list