From bcaf1d7397c7c27081821fb35153776eccf12ef2 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Wed, 15 Mar 2017 16:20:02 +0100 Subject: [PATCH] MINOR: server: Make 'default-server' support 'ciphers' keyword. This patch makes 'default-server' directive support 'ciphers' setting. --- src/server.c | 2 ++ src/ssl_sock.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/server.c b/src/server.c index 3ae0632..2bba49f 100644 --- a/src/server.c +++ b/src/server.c @@ -1431,6 +1431,8 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr newsrv->ssl_ctx.verify = curproxy->defsrv.ssl_ctx.verify; if (curproxy->defsrv.ssl_ctx.verify_host != NULL) newsrv->ssl_ctx.verify_host = strdup(curproxy->defsrv.ssl_ctx.verify_host); + if (curproxy->defsrv.ssl_ctx.ciphers != NULL) + newsrv->ssl_ctx.ciphers = strdup(curproxy->defsrv.ssl_ctx.ciphers); #endif cur_arg = 3; diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 72b3259..9d85eac 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -7487,7 +7487,7 @@ static struct bind_kw_list bind_kws = { "SSL", { }, { static struct srv_kw_list srv_kws = { "SSL", { }, { { "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */ { "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */ - { "ciphers", srv_parse_ciphers, 1, 0 }, /* select the cipher suite */ + { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */ { "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */ { "crt", srv_parse_crt, 1, 1 }, /* set client certificate */ { "force-sslv3", srv_parse_force_sslv3, 0, 1 }, /* force SSLv3 */ -- 1.7.10.4