Skip to content

Commit

Permalink
Disabled SSLv3 by default (ticket #653).
Browse files Browse the repository at this point in the history
  • Loading branch information
@mdounin
mdounin committed May 25, 2015
1 parent 226647e commit 724f0f0
Show file tree
Hide file tree
Showing 6 changed files with 9 additions and 12 deletions.
5 changes: 2 additions & 3 deletions src/http/modules/ngx_http_proxy_module.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3168,9 +3168,8 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
prev->upstream.ssl_session_reuse, 1);

ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
|NGX_SSL_TLSv1_2));
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));

ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
"DEFAULT");
Expand Down
2 changes: 1 addition & 1 deletion src/http/modules/ngx_http_ssl_module.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -561,7 +561,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
prev->prefer_server_ciphers, 0);

ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));

ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
Expand Down
5 changes: 2 additions & 3 deletions src/http/modules/ngx_http_uwsgi_module.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1724,9 +1724,8 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
prev->upstream.ssl_session_reuse, 1);

ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
|NGX_SSL_TLSv1_2));
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));

ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
"DEFAULT");
Expand Down
2 changes: 1 addition & 1 deletion src/mail/ngx_mail_ssl_module.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -284,7 +284,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
prev->prefer_server_ciphers, 0);

ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));

ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
Expand Down
5 changes: 2 additions & 3 deletions src/stream/ngx_stream_proxy_module.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1139,9 +1139,8 @@ ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
prev->ssl_session_reuse, 1);

ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3
|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
|NGX_SSL_TLSv1_2));
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));

ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, "DEFAULT");

Expand Down
2 changes: 1 addition & 1 deletion src/stream/ngx_stream_ssl_module.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -211,7 +211,7 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
prev->prefer_server_ciphers, 0);

ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));

ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
Expand Down

0 comments on commit 724f0f0

Please sign in to comment.