Removed SSLv2 methods from serviceInitSSL because OpenSSL 1.1.0 does not support them.
@ -349,7 +349,6 @@ This is the Certificate Authority file. It will be used to verify that both the
|
|||||||
### `ssl_version`
|
### `ssl_version`
|
||||||
|
|
||||||
This parameter controls the level of encryption used. Accepted values are:
|
This parameter controls the level of encryption used. Accepted values are:
|
||||||
* SSLv2
|
|
||||||
* SSLv3
|
* SSLv3
|
||||||
* TLSv10
|
* TLSv10
|
||||||
* TLSv11
|
* TLSv11
|
||||||
|
@ -11,5 +11,5 @@ ssl | disabled, enabled, required |`disable` disables SSL, `enabled` ena
|
|||||||
ssl_cert | path to file |Path to server certificate
|
ssl_cert | path to file |Path to server certificate
|
||||||
ssl_key | path to file |Path to server private key
|
ssl_key | path to file |Path to server private key
|
||||||
ssl_ca_cert | path to file |Path to Certificate Authority file
|
ssl_ca_cert | path to file |Path to Certificate Authority file
|
||||||
ssl_version|SSLV2,SSLV3,TLSV10,TLSV11,TLSV12,MAX| The SSL method level, defaults to highest available encryption level which is TLSv1.2
|
ssl_version|SSLV3,TLSV10,TLSV11,TLSV12,MAX| The SSL method level, defaults to highest available encryption level which is TLSv1.2
|
||||||
ssl_cert_verify_depth|integer|Certificate authority certificate verification depth, default is 100.
|
ssl_cert_verify_depth|integer|Certificate authority certificate verification depth, default is 100.
|
||||||
|
@ -909,9 +909,7 @@ serviceSetCertificates(SERVICE *service, char* cert,char* key, char* ca_cert)
|
|||||||
int
|
int
|
||||||
serviceSetSSLVersion(SERVICE *service, char* version)
|
serviceSetSSLVersion(SERVICE *service, char* version)
|
||||||
{
|
{
|
||||||
if(strcasecmp(version,"SSLV2") == 0)
|
if(strcasecmp(version,"SSLV3") == 0)
|
||||||
service->ssl_method_type = SERVICE_SSLV2;
|
|
||||||
else if(strcasecmp(version,"SSLV3") == 0)
|
|
||||||
service->ssl_method_type = SERVICE_SSLV3;
|
service->ssl_method_type = SERVICE_SSLV3;
|
||||||
else if(strcasecmp(version,"TLSV10") == 0)
|
else if(strcasecmp(version,"TLSV10") == 0)
|
||||||
service->ssl_method_type = SERVICE_TLS10;
|
service->ssl_method_type = SERVICE_TLS10;
|
||||||
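Review bot: An existing configuration that still sets `ssl_version=SSLV2` now falls through the whole `strcasecmp` chain in serviceSetSSLVersion, and the tail of that chain lies outside this hunk, so it is not visible whether the value is rejected or silently mapped to another method. The final branch should return an error rather than leave `ssl_method_type` at whatever it held before, so that a stale config fails at startup instead of running with an unintended protocol level. A short comment above the chain would record the intent, for example `/* SSLv2 is no longer accepted; unrecognised values must be reported as an error */`.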
@ -1952,9 +1950,6 @@ int serviceInitSSL(SERVICE* service)
|
|||||||
{
|
{
|
||||||
switch(service->ssl_method_type)
|
switch(service->ssl_method_type)
|
||||||
{
|
{
|
||||||
case SERVICE_SSLV2:
|
|
||||||
service->method = (SSL_METHOD*)SSLv2_server_method();
|
|
||||||
break;
|
|
||||||
case SERVICE_SSLV3:
|
case SERVICE_SSLV3:
|
||||||
service->method = (SSL_METHOD*)SSLv3_server_method();
|
service->method = (SSL_METHOD*)SSLv3_server_method();
|
||||||
break;
|
break;
|
||||||
|
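Review bot: The `case SERVICE_SSLV3:` branch kept here still calls `SSLv3_server_method()`, which has the same availability problem this commit fixes for SSLv2. OpenSSL builds configured without SSLv3 define `OPENSSL_NO_SSL3_METHOD` and do not provide that function, and OpenSSL 1.1.0 deprecates the version-specific method functions in general. SSLv3 is also a known-weak protocol (POODLE), so leaving it selectable keeps a downgrade path reachable through configuration. Consider guarding the case with `#ifndef OPENSSL_NO_SSL3_METHOD`, or dropping the SSLv3 option together with SSLv2. The switch continues outside the hunk, so its default branch is not visible here.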
@ -115,7 +115,6 @@ typedef enum {
|
|||||||
} ssl_mode_t;
|
} ssl_mode_t;
|
||||||
|
|
||||||
enum{
|
enum{
|
||||||
SERVICE_SSLV2,
|
|
||||||
SERVICE_SSLV3,
|
SERVICE_SSLV3,
|
||||||
SERVICE_TLS10,
|
SERVICE_TLS10,
|
||||||
SERVICE_TLS11,
|
SERVICE_TLS11,
|
||||||
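Review bot: Removing the first enumerator renumbers the rest, so `SERVICE_SSLV3` is now 0, and a `SERVICE` whose `ssl_method_type` is left zero-initialised would select SSLv3 in serviceInitSSL. Whether a service can reach serviceInitSSL without serviceSetSSLVersion having been called is not visible here, so this needs checking against the allocation and config-loading code. Making the intended default the first enumerator, or adding a comment such as `/* value 0 is what a zeroed SERVICE gets */`, would make the dependency explicit. The enum continues outside the hunk.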
@ -175,10 +174,10 @@ typedef struct service {
|
|||||||
char *weightby;
|
char *weightby;
|
||||||
struct service *next; /**< The next service in the linked list */
|
struct service *next; /**< The next service in the linked list */
|
||||||
SSL_CTX *ctx;
|
SSL_CTX *ctx;
|
||||||
SSL_METHOD *method; /*< SSLv2/3 or TLSv1/2 methods
|
SSL_METHOD *method; /*< SSLv3 or TLS1.0/1.1/1.2 methods
|
||||||
* see: https://www.openssl.org/docs/ssl/SSL_CTX_new.html */
|
* see: https://www.openssl.org/docs/ssl/SSL_CTX_new.html */
|
||||||
int ssl_cert_verify_depth; /*< SSL certificate verification depth */
|
int ssl_cert_verify_depth; /*< SSL certificate verification depth */
|
||||||
int ssl_method_type; /*< Which of the SSLv2/3 or TLS1.0/1.1/1.2 methods to use */
|
int ssl_method_type; /*< Which of the SSLv3 or TLS1.0/1.1/1.2 methods to use */
|
||||||
char* ssl_cert; /*< SSL certificate */
|
char* ssl_cert; /*< SSL certificate */
|
||||||
char* ssl_key; /*< SSL private key */
|
char* ssl_key; /*< SSL private key */
|
||||||
char* ssl_ca_cert; /*< SSL CA certificate */
|
char* ssl_ca_cert; /*< SSL CA certificate */
|
||||||
|
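Review bot: The two reworded comments on `method` and `ssl_method_type` still open with `/*<`, while the `next` field just above uses `/**<`. Doxygen only treats the `/**<` form as a member description, so these two are probably dropped from the generated documentation. Suggest `/**< SSLv3 or TLS1.0/1.1/1.2 methods` and `/**< Which of the SSLv3 or TLS1.0/1.1/1.2 methods to use */`. The struct starts and ends outside the hunk.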