Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
N
nghttp2
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Libraries
nghttp2
Commits
dcc7b239
Commit
dcc7b239
authored
Nov 30, 2014
by
Tatsuhiro Tsujikawa
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
nghttpx: Remove cipher suite requirement
This makes the library h2-16 compatible now.
parent
b9667fd2
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
4 additions
and
78 deletions
+4
-78
src/shrpx_http2_session.cc
src/shrpx_http2_session.cc
+4
-3
src/shrpx_ssl.cc
src/shrpx_ssl.cc
+0
-75
No files found.
src/shrpx_http2_session.cc
View file @
dcc7b239
...
@@ -1370,8 +1370,10 @@ int Http2Session::on_connect() {
...
@@ -1370,8 +1370,10 @@ int Http2Session::on_connect() {
return
-
1
;
return
-
1
;
}
}
if
(
!
get_config
()
->
downstream_no_tls
&&
!
ssl
::
check_http2_requirement
(
ssl_
))
{
auto
must_terminate
=
!
get_config
()
->
downstream_no_tls
&&
!
ssl
::
check_http2_requirement
(
ssl_
);
if
(
must_terminate
)
{
rv
=
terminate_session
(
NGHTTP2_INADEQUATE_SECURITY
);
rv
=
terminate_session
(
NGHTTP2_INADEQUATE_SECURITY
);
if
(
rv
!=
0
)
{
if
(
rv
!=
0
)
{
...
@@ -1384,8 +1386,7 @@ int Http2Session::on_connect() {
...
@@ -1384,8 +1386,7 @@ int Http2Session::on_connect() {
return
-
1
;
return
-
1
;
}
}
if
(
!
get_config
()
->
downstream_no_tls
&&
!
ssl
::
check_http2_requirement
(
ssl_
))
{
if
(
must_terminate
)
{
return
0
;
return
0
;
}
}
...
...
src/shrpx_ssl.cc
View file @
dcc7b239
...
@@ -874,40 +874,6 @@ bool in_proto_list(const std::vector<char *> &protos,
...
@@ -874,40 +874,6 @@ bool in_proto_list(const std::vector<char *> &protos,
return
false
;
return
false
;
}
}
// This enum was generated by mkcipherlist.py
enum
{
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
=
0x009Eu
,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
=
0x009Fu
,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
=
0x00A2u
,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
=
0x00A3u
,
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
=
0x00AAu
,
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
=
0x00ABu
,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
=
0xC02Bu
,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
=
0xC02Cu
,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
=
0xC02Fu
,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
=
0xC030u
,
TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
=
0xC052u
,
TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
=
0xC053u
,
TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256
=
0xC056u
,
TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384
=
0xC057u
,
TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
=
0xC05Cu
,
TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
=
0xC05Du
,
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
=
0xC060u
,
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
=
0xC061u
,
TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
=
0xC06Cu
,
TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
=
0xC06Du
,
TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
=
0xC07Cu
,
TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
=
0xC07Du
,
TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
=
0xC080u
,
TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
=
0xC081u
,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
=
0xC086u
,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
=
0xC087u
,
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
=
0xC08Au
,
TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
=
0xC08Bu
,
TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
=
0xC090u
,
TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
=
0xC091u
,
};
bool
check_http2_requirement
(
SSL
*
ssl
)
{
bool
check_http2_requirement
(
SSL
*
ssl
)
{
auto
tls_ver
=
SSL_version
(
ssl
);
auto
tls_ver
=
SSL_version
(
ssl
);
...
@@ -922,47 +888,6 @@ bool check_http2_requirement(SSL *ssl) {
...
@@ -922,47 +888,6 @@ bool check_http2_requirement(SSL *ssl) {
return
false
;
return
false
;
}
}
auto
cipher
=
SSL_get_current_cipher
(
ssl
);
switch
(
SSL_CIPHER_get_id
(
cipher
)
&
0xffffu
)
{
// This case labels were generated by mkcipherlist.py
case
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
:
case
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
:
case
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
:
case
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
:
case
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
:
case
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
:
case
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
:
case
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
:
case
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
:
case
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
:
case
TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
:
case
TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
:
case
TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256
:
case
TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384
:
case
TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
:
case
TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
:
case
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
:
case
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
:
case
TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
:
case
TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
:
case
TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
:
case
TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
:
case
TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
:
case
TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
:
case
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
:
case
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
:
case
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
:
case
TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
:
case
TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
:
case
TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
:
break
;
default:
return
false
;
}
// TODO Check number of bits
return
true
;
return
true
;
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment