nghttpx: Show default cipher list in -h
parent
fc9bdf024f
commit
cbca2e35b5
|
@ -1354,6 +1354,9 @@ void fill_default_config(Config *config) {
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsconf.session_timeout = std::chrono::hours(12);
|
tlsconf.session_timeout = std::chrono::hours(12);
|
||||||
|
tlsconf.ciphers = StringRef::from_lit(nghttp2::ssl::DEFAULT_CIPHER_LIST);
|
||||||
|
tlsconf.client.ciphers =
|
||||||
|
StringRef::from_lit(nghttp2::ssl::DEFAULT_CIPHER_LIST);
|
||||||
#if OPENSSL_1_1_API
|
#if OPENSSL_1_1_API
|
||||||
tlsconf.ecdh_curves = StringRef::from_lit("X25519:P-256:P-384:P-521");
|
tlsconf.ecdh_curves = StringRef::from_lit("X25519:P-256:P-384:P-521");
|
||||||
#else // !OPENSSL_1_1_API
|
#else // !OPENSSL_1_1_API
|
||||||
|
@ -1898,9 +1901,13 @@ SSL/TLS:
|
||||||
--ciphers=<SUITE>
|
--ciphers=<SUITE>
|
||||||
Set allowed cipher list for frontend connection. The
|
Set allowed cipher list for frontend connection. The
|
||||||
format of the string is described in OpenSSL ciphers(1).
|
format of the string is described in OpenSSL ciphers(1).
|
||||||
|
Default: )"
|
||||||
|
<< config->tls.ciphers << R"(
|
||||||
--client-ciphers=<SUITE>
|
--client-ciphers=<SUITE>
|
||||||
Set allowed cipher list for backend connection. The
|
Set allowed cipher list for backend connection. The
|
||||||
format of the string is described in OpenSSL ciphers(1).
|
format of the string is described in OpenSSL ciphers(1).
|
||||||
|
Default: )"
|
||||||
|
<< config->tls.client.ciphers << R"(
|
||||||
--ecdh-curves=<LIST>
|
--ecdh-curves=<LIST>
|
||||||
Set supported curve list for frontend connections.
|
Set supported curve list for frontend connections.
|
||||||
<LIST> is a colon separated list of curve NID or names
|
<LIST> is a colon separated list of curve NID or names
|
||||||
|
|
|
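Review bot: The `Default: ` lines added under --ciphers and --client-ciphers print `config->tls.ciphers` and `config->tls.client.ciphers`, so the label is accurate only while the Config handed to the help printer still holds the values set in fill_default_config. The caller of the help printer is not visible here, so it is worth confirming that -h is rendered before any command-line or config-file value is applied. A short comment at the two new assignments in fill_default_config would record the dependency, for example `// Printed as "Default:" in -h, and passed as is to SSL_CTX_set_cipher_list.`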
@ -645,15 +645,8 @@ SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file,
|
||||||
|
|
||||||
SSL_CTX_set_timeout(ssl_ctx, tlsconf.session_timeout.count());
|
SSL_CTX_set_timeout(ssl_ctx, tlsconf.session_timeout.count());
|
||||||
|
|
||||||
const char *ciphers;
|
if (SSL_CTX_set_cipher_list(ssl_ctx, tlsconf.ciphers.c_str()) == 0) {
|
||||||
if (!tlsconf.ciphers.empty()) {
|
LOG(FATAL) << "SSL_CTX_set_cipher_list " << tlsconf.ciphers
|
||||||
ciphers = tlsconf.ciphers.c_str();
|
|
||||||
} else {
|
|
||||||
ciphers = nghttp2::ssl::DEFAULT_CIPHER_LIST;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (SSL_CTX_set_cipher_list(ssl_ctx, ciphers) == 0) {
|
|
||||||
LOG(FATAL) << "SSL_CTX_set_cipher_list " << ciphers
|
|
||||||
<< " failed: " << ERR_error_string(ERR_get_error(), nullptr);
|
<< " failed: " << ERR_error_string(ERR_get_error(), nullptr);
|
||||||
DIE();
|
DIE();
|
||||||
}
|
}
|
||||||
|
@ -873,14 +866,8 @@ SSL_CTX *create_ssl_client_context(
|
||||||
|
|
||||||
SSL_CTX_set_options(ssl_ctx, ssl_opts | tlsconf.tls_proto_mask);
|
SSL_CTX_set_options(ssl_ctx, ssl_opts | tlsconf.tls_proto_mask);
|
||||||
|
|
||||||
const char *ciphers;
|
if (SSL_CTX_set_cipher_list(ssl_ctx, tlsconf.client.ciphers.c_str()) == 0) {
|
||||||
if (!tlsconf.client.ciphers.empty()) {
|
LOG(FATAL) << "SSL_CTX_set_cipher_list " << tlsconf.client.ciphers
|
||||||
ciphers = tlsconf.client.ciphers.c_str();
|
|
||||||
} else {
|
|
||||||
ciphers = nghttp2::ssl::DEFAULT_CIPHER_LIST;
|
|
||||||
}
|
|
||||||
if (SSL_CTX_set_cipher_list(ssl_ctx, ciphers) == 0) {
|
|
||||||
LOG(FATAL) << "SSL_CTX_set_cipher_list " << ciphers
|
|
||||||
<< " failed: " << ERR_error_string(ERR_get_error(), nullptr);
|
<< " failed: " << ERR_error_string(ERR_get_error(), nullptr);
|
||||||
DIE();
|
DIE();
|
||||||
}
|
}
|
||||||
|
|
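Review bot: An explicitly empty `tlsconf.ciphers` now reaches `SSL_CTX_set_cipher_list` unchanged in create_ssl_context, where the removed code substituted `nghttp2::ssl::DEFAULT_CIPHER_LIST`; create_ssl_client_context has the same change for `tlsconf.client.ciphers`. Option parsing is not part of this page, so whether an empty value can be configured is an assumption, but if it can, the result is left to how the linked OpenSSL treats an empty list. Stating the policy in the code keeps the failure closed and predictable, for example `if (tlsconf.ciphers.empty() || SSL_CTX_set_cipher_list(ssl_ctx, tlsconf.ciphers.c_str()) == 0) {`, or at least a comment saying the value is expected to be non-empty because fill_default_config sets it. Both function bodies start and end outside the hunks.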