diff options
author | Christian Heimes <cheimes@redhat.com> | 2016-02-08 15:52:25 +0100 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2016-02-29 16:09:17 -0500 |
commit | 9205812071bcd7bcf098efd80b82ec2bc1a62da4 (patch) | |
tree | 8cbbaa655156965d11da77585052d7762a69a1f8 /nss_engine_init.c | |
parent | 09eff5ae973290ff333928487e13974aa7ad0764 (diff) | |
download | mod_nss-9205812071bcd7bcf098efd80b82ec2bc1a62da4.tar.gz mod_nss-9205812071bcd7bcf098efd80b82ec2bc1a62da4.tar.xz mod_nss-9205812071bcd7bcf098efd80b82ec2bc1a62da4.zip |
Add server support for DHE ciphers
Similar patch was provided by Vitezslav Cizek <vcizek@suse.com>
Heavily modified by Rob Crittenden <rcritten@redhat.com>
https://fedorahosted.org/mod_nss/ticket/15
Diffstat (limited to 'nss_engine_init.c')
-rw-r--r-- | nss_engine_init.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/nss_engine_init.c b/nss_engine_init.c index 4460f53..44b5b88 100644 --- a/nss_engine_init.c +++ b/nss_engine_init.c @@ -829,6 +829,17 @@ static void nss_init_ctx_protocol(server_rec *s, nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); nss_die(); } +#ifdef ENABLE_SERVER_DHE + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + "Enabling DHE key exchange"); + if (SSL_OptionSet(mctx->model, SSL_ENABLE_SERVER_DHE, + PR_TRUE) != SECSuccess) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + "Unable to enable DHE key exchange"); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); + } +#endif } static void nss_init_ctx_session_cache(server_rec *s, @@ -1043,6 +1054,10 @@ static void nss_init_ctx_cipher_suite(server_rec *s, /* Finally actually enable the selected ciphers */ for (i=0; i<ciphernum;i++) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + "%sable cipher: %s", + cipher_state[i] == 1 ? "En" : "Dis", + ciphers_def[i].name); SSL_CipherPrefSet(mctx->model, ciphers_def[i].num, cipher_state[i] == 1 ? PR_TRUE : PR_FALSE); } } |