MINOR: server: Make 'default-server' support 'ciphers' keyword.

This patch makes 'default-server' directive support 'ciphers' setting.

diff --git a/src/server.c b/src/server.c
index 3ae063222853cb1694ca53e4735bd94f9538f6d4..2bba49ff3b8773d770337f5ba44ba3e8bcd8b8d6 100644 (file)
--- a/src/server.c
+++ b/src/server.c
@@ -1431,6 +1431,8 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr
                        newsrv->ssl_ctx.verify = curproxy->defsrv.ssl_ctx.verify;
                        if (curproxy->defsrv.ssl_ctx.verify_host != NULL)
                                newsrv->ssl_ctx.verify_host = strdup(curproxy->defsrv.ssl_ctx.verify_host);
+                       if (curproxy->defsrv.ssl_ctx.ciphers != NULL)
+                               newsrv->ssl_ctx.ciphers = strdup(curproxy->defsrv.ssl_ctx.ciphers);
 #endif
 
                        cur_arg = 3;

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 72b32599df3707adf3c6fa38dce53fe77848d20c..9d85eac94fe3c5cf28d31333ff9c01b720231d66 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -7487,7 +7487,7 @@ static struct bind_kw_list bind_kws = { "SSL", { }, {
 static struct srv_kw_list srv_kws = { "SSL", { }, {
        { "ca-file",                 srv_parse_ca_file,           1, 1 }, /* set CAfile to process verify server cert */
        { "check-ssl",               srv_parse_check_ssl,         0, 1 }, /* enable SSL for health checks */
-       { "ciphers",                 srv_parse_ciphers,           1, 0 }, /* select the cipher suite */
+       { "ciphers",                 srv_parse_ciphers,           1, 1 }, /* select the cipher suite */
        { "crl-file",                srv_parse_crl_file,          1, 1 }, /* set certificate revocation list file use on server cert verify */
        { "crt",                     srv_parse_crt,               1, 1 }, /* set client certificate */
        { "force-sslv3",             srv_parse_force_sslv3,       0, 1 }, /* force SSLv3 */