
[mod_openssl] set Ciphersuites once API available

set Ciphersuites once API is available (SSL_CTX_set_ciphersuites())
in LibreSSL.

x-ref:
  "Add support for TLS 1.3"
  https://github.com/libressl-portable/portable/issues/228
master
Glenn Strauss 4 months ago
parent
commit
14f8f9b21c
  1. 14
      src/mod_openssl.c

14
src/mod_openssl.c

@ -3559,7 +3559,7 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
* https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html */
int rc = 0;
buffer *cipherstring = NULL;
/*buffer *ciphersuites = NULL;*/
buffer *ciphersuites = NULL;
buffer *minb = NULL;
buffer *maxb = NULL;
buffer *curves = NULL;
@ -3568,10 +3568,8 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
data_string *ds = (data_string *)s->ssl_conf_cmd->data[i];
if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("CipherString")))
cipherstring = &ds->value;
#if 0
else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Ciphersuites")))
ciphersuites = &ds->value;
#endif
else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Curves"))
|| buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Groups")))
curves = &ds->value;
@ -3665,6 +3663,16 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
rc = -1;
}
if (!buffer_string_is_empty(ciphersuites)) {
#if defined(LIBRESSL_VERSION_NUMBER) && defined(LIBRESSL_HAS_TLS1_3)
if (SSL_CTX_set_ciphersuites(s->ssl_ctx, ciphersuites->ptr) != 1) {
log_error(srv->errh, __FILE__, __LINE__,
"SSL: %s", ERR_error_string(ERR_get_error(), NULL));
rc = -1;
}
#endif
}
if (!buffer_string_is_empty(cipherstring)) {
/* Disable support for low encryption ciphers */
buffer_append_string_len(cipherstring,
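Review bot: A configured `Ciphersuites` value is silently dropped when the build does not define `LIBRESSL_HAS_TLS1_3`. The key now appears to be parsed into `ciphersuites` unconditionally (the hunk counts suggest the `#if 0`/`#endif` pair was removed), but the `SSL_CTX_set_ciphersuites()` call in the last hunk is compiled out in that case and `rc` stays 0, so an operator who restricts TLS 1.3 suites gets no sign that the restriction was not applied. An `#else` branch that logs would make this visible, e.g. `log_error(srv->errh, __FILE__, __LINE__, "SSL: Ciphersuites not supported by this TLS library; value ignored");`. Whether it should also set `rc = -1` depends on how strictly the module treats TLS policy it cannot enforce. The body of mod_openssl_ssl_conf_cmd starts and ends outside the visible hunks, so this assumes no later code handles `ciphersuites`.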
