|
|
@ -3559,7 +3559,7 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s) |
|
|
|
* https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html */ |
|
|
|
int rc = 0; |
|
|
|
buffer *cipherstring = NULL; |
|
|
|
/*buffer *ciphersuites = NULL;*/ |
|
|
|
buffer *ciphersuites = NULL; |
|
|
|
buffer *minb = NULL; |
|
|
|
buffer *maxb = NULL; |
|
|
|
buffer *curves = NULL; |
|
|
@ -3568,10 +3568,8 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s) |
|
|
|
data_string *ds = (data_string *)s->ssl_conf_cmd->data[i]; |
|
|
|
if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("CipherString"))) |
|
|
|
cipherstring = &ds->value; |
|
|
|
#if 0 |
|
|
|
else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Ciphersuites"))) |
|
|
|
ciphersuites = &ds->value; |
|
|
|
#endif |
|
|
|
else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Curves")) |
|
|
|
|| buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Groups"))) |
|
|
|
curves = &ds->value; |
|
|
@ -3665,6 +3663,16 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s) |
|
|
|
rc = -1; |
|
|
|
} |
|
|
|
|
|
|
|
if (!buffer_string_is_empty(ciphersuites)) { |
|
|
|
#if defined(LIBRESSL_VERSION_NUMBER) && defined(LIBRESSL_HAS_TLS1_3) |
|
|
|
if (SSL_CTX_set_ciphersuites(s->ssl_ctx, ciphersuites->ptr) != 1) { |
|
|
|
log_error(srv->errh, __FILE__, __LINE__, |
|
|
|
"SSL: %s", ERR_error_string(ERR_get_error(), NULL)); |
|
|
|
rc = -1; |
|
|
|
} |
|
|
|
#endif |
|
|
|
} |
|
|
|
|
|
|
|
if (!buffer_string_is_empty(cipherstring)) { |
|
|
|
/* Disable support for low encryption ciphers */ |
|
|
|
buffer_append_string_len(cipherstring, |
|
|
|