>From 324ec06ee477cce5f9b2ba7b031e87d62c333826 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= <[email protected]>
Date: Wed, 15 Mar 2017 16:20:02 +0100
Subject: [PATCH 23/31] MINOR: server: Make 'default-server' support 'ciphers'
keyword.
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
This patch makes 'default-server' directive support 'ciphers' setting.
---
src/server.c | 2 ++
src/ssl_sock.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/server.c b/src/server.c
index 79dcca7..a9cfac3 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1431,6 +1431,8 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr
newsrv->ssl_ctx.verify = curproxy->defsrv.ssl_ctx.verify;
if (curproxy->defsrv.ssl_ctx.verify_host != NULL)
newsrv->ssl_ctx.verify_host = strdup(curproxy->defsrv.ssl_ctx.verify_host);
+ if (curproxy->defsrv.ssl_ctx.ciphers != NULL)
+ newsrv->ssl_ctx.ciphers = strdup(curproxy->defsrv.ssl_ctx.ciphers);
#endif
cur_arg = 3;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 72b3259..9d85eac 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -7487,7 +7487,7 @@ static struct bind_kw_list bind_kws = { "SSL", { }, {
static struct srv_kw_list srv_kws = { "SSL", { }, {
{ "ca-file", srv_parse_ca_file, 1, 1 }, /* set CAfile to process verify server cert */
{ "check-ssl", srv_parse_check_ssl, 0, 1 }, /* enable SSL for health checks */
- { "ciphers", srv_parse_ciphers, 1, 0 }, /* select the cipher suite */
+ { "ciphers", srv_parse_ciphers, 1, 1 }, /* select the cipher suite */
{ "crl-file", srv_parse_crl_file, 1, 1 }, /* set certificate revocation list file use on server cert verify */
{ "crt", srv_parse_crt, 1, 1 }, /* set client certificate */
{ "force-sslv3", srv_parse_force_sslv3, 0, 1 }, /* force SSLv3 */
--
2.1.4
