Add support for PSK cipher suites patch
Sékine Coulibaly
scoulibaly at gmail.com
Thu Jan 25 16:07:03 UTC 2018
Nate,Maxim,
I found a patch here
(http://mailman.nginx.org/pipermail/nginx-devel/2017-September/010449.html)
regarding the PSK spport in Nginx. I can not make the new parameter
ssl_psk_file work.
I applied it to release-1.13.5 successfully.
I updated my nginx.conf to
stream {
upstream dtls_udp_upstreams {
hash $remote_addr:remote_port;
server preprod.mycorp.com:5685;
}
server {
listen 5684 udp ssl;
ssl_protocols DTLSv1.2;
ssl_ciphers PSK-AES128-CBC-SHA;
ssl_psk_file /tmp/cred.txt;
ssl_certificate /tmp/server.pem;
ssl_certificate_key /tmp/server.key;
proxy_pass dtls_udp_upstreams;
}
My issue is that although /tmp/cred.txt file exists, Nginx returns :
nginx: [emerg] unknown directive "ssl_psk_file" in /tmp/nginx.conf:26.
I checked the source files, it looks like the patch has been correctly applied.
Would you mind posting the complete/corrected patch I could apply and test ?
I'm using DTLS client with PSK load-balancer and I could experiment the setup.
My patching application looks like :
git checkout release-1.13.5
patch -p1 -i pskpatch.diff
Thank you !
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180125/6f61ac34/attachment.html>
More information about the nginx
mailing list