diff --git a/src/shrpx.cc b/src/shrpx.cc index 677974da..d3374ea2 100644 --- a/src/shrpx.cc +++ b/src/shrpx.cc @@ -2448,8 +2448,7 @@ int process_options(Config *config, tlsconf.npn_list = util::split_str(DEFAULT_NPN_LIST, ','); } if (tlsconf.tls_proto_list.empty()) { - tlsconf.tls_proto_list = - util::parse_config_str_list(DEFAULT_TLS_PROTO_LIST); + tlsconf.tls_proto_list = util::split_str(DEFAULT_TLS_PROTO_LIST, ','); } tlsconf.tls_proto_mask = ssl::create_tls_proto_mask(tlsconf.tls_proto_list); diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc index 066aa731..6ed55919 100644 --- a/src/shrpx_config.cc +++ b/src/shrpx_config.cc @@ -2309,7 +2309,7 @@ int parse_config(Config *config, int optid, const StringRef &opt, return 0; case SHRPX_OPTID_TLS_PROTO_LIST: - config->tls.tls_proto_list = util::parse_config_str_list(optarg); + config->tls.tls_proto_list = util::split_str(optarg, ','); return 0; case SHRPX_OPTID_VERIFY_CLIENT: diff --git a/src/shrpx_config.h b/src/shrpx_config.h index b3c98ed8..ff55a2a0 100644 --- a/src/shrpx_config.h +++ b/src/shrpx_config.h @@ -528,7 +528,7 @@ struct TLSConfig { // preference. std::vector npn_list; // list of supported SSL/TLS protocol strings. - std::vector tls_proto_list; + std::vector tls_proto_list; BIO_METHOD *bio_method; // Bit mask to disable SSL/TLS protocol versions. This will be // passed to SSL_CTX_set_options(). diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc index a53dbe62..6eb243aa 100644 --- a/src/shrpx_ssl.cc +++ b/src/shrpx_ssl.cc @@ -495,7 +495,7 @@ constexpr TLSProtocol TLS_PROTOS[] = { TLSProtocol{StringRef::from_lit("TLSv1.1"), SSL_OP_NO_TLSv1_1}, TLSProtocol{StringRef::from_lit("TLSv1.0"), SSL_OP_NO_TLSv1}}; -long int create_tls_proto_mask(const std::vector &tls_proto_list) { +long int create_tls_proto_mask(const std::vector &tls_proto_list) { long int res = 0; for (auto &supported : TLS_PROTOS) { diff --git a/src/shrpx_ssl.h b/src/shrpx_ssl.h index 010072a6..d7f4f8b1 100644 --- a/src/shrpx_ssl.h +++ b/src/shrpx_ssl.h @@ -176,7 +176,7 @@ bool check_http2_requirement(SSL *ssl); // Returns SSL/TLS option mask to disable SSL/TLS protocol version not // included in |tls_proto_list|. The returned mask can be directly // passed to SSL_CTX_set_options(). -long int create_tls_proto_mask(const std::vector &tls_proto_list); +long int create_tls_proto_mask(const std::vector &tls_proto_list); int set_alpn_prefs(std::vector &out, const std::vector &protos);