nghttpx: Remove cipher suite requirement
This makes the library h2-16 compatible now.
This commit is contained in:
Tatsuhiro Tsujikawa
parent
b9667fd209
commit
dcc7b23980
|
|
@ -1370,8 +1370,10 @@ int Http2Session::on_connect() {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!get_config()->downstream_no_tls && !ssl::check_http2_requirement(ssl_)) {
|
auto must_terminate =
|
||||||
|
!get_config()->downstream_no_tls && !ssl::check_http2_requirement(ssl_);
|
||||||
|
|
||||||
|
if (must_terminate) {
|
||||||
rv = terminate_session(NGHTTP2_INADEQUATE_SECURITY);
|
rv = terminate_session(NGHTTP2_INADEQUATE_SECURITY);
|
||||||
|
|
||||||
if (rv != 0) {
|
if (rv != 0) {
|
||||||
|
|
@ -1384,8 +1386,7 @@ int Http2Session::on_connect() {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!get_config()->downstream_no_tls && !ssl::check_http2_requirement(ssl_)) {
|
if (must_terminate) {
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -874,40 +874,6 @@ bool in_proto_list(const std::vector<char *> &protos,
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// This enum was generated by mkcipherlist.py
|
|
||||||
enum {
|
|
||||||
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009Eu,
|
|
||||||
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009Fu,
|
|
||||||
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2u,
|
|
||||||
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3u,
|
|
||||||
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AAu,
|
|
||||||
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00ABu,
|
|
||||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02Bu,
|
|
||||||
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02Cu,
|
|
||||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02Fu,
|
|
||||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030u,
|
|
||||||
TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC052u,
|
|
||||||
TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC053u,
|
|
||||||
TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC056u,
|
|
||||||
TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC057u,
|
|
||||||
TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05Cu,
|
|
||||||
TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05Du,
|
|
||||||
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC060u,
|
|
||||||
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC061u,
|
|
||||||
TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06Cu,
|
|
||||||
TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06Du,
|
|
||||||
TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07Cu,
|
|
||||||
TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07Du,
|
|
||||||
TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC080u,
|
|
||||||
TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC081u,
|
|
||||||
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC086u,
|
|
||||||
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC087u,
|
|
||||||
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08Au,
|
|
||||||
TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08Bu,
|
|
||||||
TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC090u,
|
|
||||||
TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC091u,
|
|
||||||
};
|
|
||||||
|
|
||||||
bool check_http2_requirement(SSL *ssl) {
|
bool check_http2_requirement(SSL *ssl) {
|
||||||
auto tls_ver = SSL_version(ssl);
|
auto tls_ver = SSL_version(ssl);
|
||||||
|
|
||||||
|
|
@ -922,47 +888,6 @@ bool check_http2_requirement(SSL *ssl) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
auto cipher = SSL_get_current_cipher(ssl);
|
|
||||||
|
|
||||||
switch (SSL_CIPHER_get_id(cipher) & 0xffffu) {
|
|
||||||
// This case labels were generated by mkcipherlist.py
|
|
||||||
case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
|
|
||||||
case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
|
|
||||||
case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
|
|
||||||
case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
|
|
||||||
case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:
|
|
||||||
case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:
|
|
||||||
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
|
|
||||||
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
|
|
||||||
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
|
|
||||||
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
|
|
||||||
case TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256:
|
|
||||||
case TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384:
|
|
||||||
case TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256:
|
|
||||||
case TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384:
|
|
||||||
case TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256:
|
|
||||||
case TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384:
|
|
||||||
case TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256:
|
|
||||||
case TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384:
|
|
||||||
case TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256:
|
|
||||||
case TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384:
|
|
||||||
case TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
|
|
||||||
case TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
|
|
||||||
case TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256:
|
|
||||||
case TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384:
|
|
||||||
case TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
|
|
||||||
case TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384:
|
|
||||||
case TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256:
|
|
||||||
case TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
|
|
||||||
case TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256:
|
|
||||||
case TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384:
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO Check number of bits
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue