| #
1975:6a47cab8f271 |
| 26-Oct-2021 |
Valentin Bartenev |
Custom implementation of Base64 decoding function.
Compared to the previous implementation based on OpenSSL, the new implementation
has these advantages:
1. Strict and reliable detection of invali
Custom implementation of Base64 decoding function.
Compared to the previous implementation based on OpenSSL, the new implementation
has these advantages:
1. Strict and reliable detection of invalid strings, including strings with
less than 4 bytes of garbage at the end;
2. Allows to use Base64 strings without '=' padding.
show more ...
|
| #
1952:0bca988e9541 |
| 25-Aug-2021 |
Valentin Bartenev |
TLS: refactored nxt_tls_ticket_key_callback().
Deduplicated code and improved style.
No functional changes.
|
|
Revision tags: 1.25.0-1, 1.25.0 |
|
| #
1942:296628096d6c |
| 17-Aug-2021 |
Andrey Suvorov |
Added TLS session tickets support.
|
| #
1920:7c19530e2502 |
| 21-Jul-2021 |
Andrey Suvorov |
Enabling configure TLS sessions.
To support TLS sessions, Unit uses the OpenSSL built-in session cache; the
cache_size option defines the number sessions to store. To disable the feather,
the optio
Enabling configure TLS sessions.
To support TLS sessions, Unit uses the OpenSSL built-in session cache; the
cache_size option defines the number sessions to store. To disable the feather,
the option must be zero.
show more ...
|
|
Revision tags: 1.24.0-1, 1.24.0 |
|
| #
1885:09b857a2cca9 |
| 26-May-2021 |
Andrey Suvorov |
Enabling SSL_CTX configuration by using SSL_CONF_cmd().
To perform various configuration operations on SSL_CTX, OpenSSL provides
SSL_CONF_cmd(). Specifically, to configure ciphers for a listener,
"
Enabling SSL_CTX configuration by using SSL_CONF_cmd().
To perform various configuration operations on SSL_CTX, OpenSSL provides
SSL_CONF_cmd(). Specifically, to configure ciphers for a listener,
"CipherString" and "Ciphersuites" file commands are used:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html
This feature can be configured in the "tls/conf_commands" section.
show more ...
|
| #
1884:4645a43bc248 |
| 26-May-2021 |
Andrey Suvorov |
Fixing crash during TLS connection shutdown.
A crash was caused by an incorrect timer handler nxt_h1p_idle_timeout() if
SSL_shutdown() returned SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
The flag SS
Fixing crash during TLS connection shutdown.
A crash was caused by an incorrect timer handler nxt_h1p_idle_timeout() if
SSL_shutdown() returned SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
The flag SSL_RECEIVED_SHUTDOWN is used to avoid getting SSL_ERROR_WANT_READ, so
the server won't wait for a close notification from a client.
For SSL_ERROR_WANT_WRITE, a correct timer handler is set up.
show more ...
|
|
Revision tags: 1.23.0-1, 1.23.0 |
|
| #
1828:c548e46fe516 |
| 24-Mar-2021 |
Andrey Suvorov |
Added ability to configure multiple certificates on a listener.
The certificate is selected by matching the arriving SNI to the common name and
the alternatives names. If no certificate matches the
Added ability to configure multiple certificates on a listener.
The certificate is selected by matching the arriving SNI to the common name and
the alternatives names. If no certificate matches the name, the first bundle in
the array is chosen.
show more ...
|
|
Revision tags: 1.22.0-1, 1.22.0, 1.21.0-1, 1.21.0, 1.20.0-1, 1.20.0, 1.19.0-1, 1.19.0, 1.18.0-1, 1.18.0, 1.17.0-1, 1.17.0, 1.16.0-1, 1.16.0, 1.15.0-1, 1.15.0, 1.14.0-1, 1.14.0, 1.13.0-1, 1.13.0, 1.12.0-1, 1.12.0, 1.11.0-2, 1.11.0-1, 1.11.0, 1.10.0-2, 1.10.0-1, 1.10.0, 1.9.0-1, 1.9.0, 1.8.0-1, 1.8.0, 1.7.1-1, 1.7.1, 1.7-1, 1.7, 1.6-1, 1.6, 1.5-1, 1.5, 1.4-2, 1.4 |
|
| #
774:b21709350c49 |
| 20-Sep-2018 |
Valentin Bartenev |
Controller: certificates storage interface.
|
| #
771:f349b2d68e75 |
| 20-Sep-2018 |
Igor Sysoev |
Added SSL/TLS support on connection level.
|