author | Dirk-Willem van Gulik <dirkx@apache.org> | 2023-03-06 18:46:04 +0100 |
---|---|---|
committer | Dirk-Willem van Gulik <dirkx@apache.org> | 2023-03-06 18:46:04 +0100 |
commit | 3067b17275823708de743be1e828dbd5db3a8b4e (patch) | |
tree | f7dbeeabf944ae8a8798ddd1ce25566fe629d40c | |
parent | * modules/http2/mod_proxy_http2.c: Fix missing APLOGNO. (diff) | |
Add SSL_SHARED_CIPHER environment variable
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1908132 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | docs/manual/mod/mod_ssl.xml | 3 | ||||
-rw-r--r-- | modules/ssl/ssl_engine_kernel.c | 1 | ||||
-rw-r--r-- | modules/ssl/ssl_engine_vars.c | 5 |
4 files changed, 11 insertions, 1 deletions
@@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) Add a SSL_SHARED_CIPHER environment variable with the list of + client/server permitted ciphers. [Dirk-Willem van Gulik] + *) mod_http2: field values (headers and trailers) are stripped of leading/trailing whitespace (space +htab) before being processed or send in a response. This is compatible behaviour to HTTP/1.1
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index dbe3345da7..248fe75247 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -66,7 +66,8 @@ compatibility variables.</p>
 <tr><td><code>SSL_SESSION_ID</code></td> <td>string</td> <td>The hex-encoded SSL session id</td></tr>
 <tr><td><code>SSL_SESSION_RESUMED</code></td> <td>string</td> <td>Initial or Resumed SSL Session. Note: multiple requests may be served over the same (Initial or Resumed) SSL session if HTTP KeepAlive is in use</td></tr>
 <tr><td><code>SSL_SECURE_RENEG</code></td> <td>string</td> <td><code>true</code> if secure renegotiation is supported, else <code>false</code></td></tr>
-<tr><td><code>SSL_CIPHER</code></td> <td>string</td> <td>The cipher specification name</td></tr>
+<tr><td><code>SSL_SHARED_CIPHERS</code></td> <td>string</td> <td>Colon separated list of shared ciphers (i.e. the subset of ciphers that are configured on both server and on the client)</td></tr>
+<tr><td><code>SSL_CIPHER</code></td> <td>string</td> <td>The name of the cipher agreed between client and server</td></tr>
 <tr><td><code>SSL_CIPHER_EXPORT</code></td> <td>string</td> <td><code>true</code> if cipher is an export cipher</td></tr>
 <tr><td><code>SSL_CIPHER_USEKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (actually used)</td></tr>
 <tr><td><code>SSL_CIPHER_ALGKEYSIZE</code></td> <td>number</td> <td>Number of cipher bits (possible)</td></tr>
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index b5f5379a89..885d3f3d67 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1532,6 +1532,7 @@ static const char *const ssl_hook_Fixup_vars[] = {
 "SSL_SERVER_A_SIG",
 "SSL_SESSION_ID",
 "SSL_SESSION_RESUMED",
+ "SSL_SHARED_CIPHERS",
 #ifdef HAVE_SRP
 "SSL_SRP_USER",
 "SSL_SRP_USERINFO",
diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index af6c4de1b7..6ba70fcecb 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -506,6 +506,11 @@ static const char *ssl_var_lookup_ssl(apr_pool_t *p, const SSLConnRec *sslconn,
 else if (ssl != NULL && strcEQ(var, "COMPRESS_METHOD")) {
 result = ssl_var_lookup_ssl_compress_meth(ssl);
 }
+ else if (ssl != NULL && strcEQ(var, "SHARED_CIPHERS")) {
+ char buf[ 1024 * 16 ];
+ if (SSL_get_shared_ciphers(ssl,buf,sizeof(buf)))
+ result = apr_pstrdup(p,buf);
+ }
 #ifdef HAVE_TLSEXT
 else if (ssl != NULL && strcEQ(var, "TLS_SNI")) {
 result = apr_pstrdup(p, SSL_get_servername(ssl, |
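Review bot: The `SHARED_CIPHERS` branch in ssl_engine_vars.c leaves the limits of `SSL_get_shared_ciphers()` undocumented: OpenSSL truncates the list silently when it does not fit the buffer, in current releases yields nothing on a client-side (proxy) connection, and names suites that are shared but not necessarily enabled, so the value should be treated as client-influenced information rather than a basis for access decisions. A comment above the buffer such as `/* server side only; list is truncated if it exceeds buf and may name suites that are not enabled */` would record this. The 16 KiB stack array is taken on every lookup, and the kernel.c hunk adds the name to `ssl_hook_Fixup_vars`, so a named size constant and a braced, conventionally spaced call (`if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf))) {`) would fit the surrounding code better. The CHANGES entry and commit title say `SSL_SHARED_CIPHER` while the code and mod_ssl.xml use `SSL_SHARED_CIPHERS`. ssl_var_lookup_ssl begins and ends outside the hunk.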