fatal_exit("could not set up listen SSL_CTX");
if(cfg->tls_ciphers && cfg->tls_ciphers[0]) {
if (!SSL_CTX_set_cipher_list(daemon->listen_sslctx, cfg->tls_ciphers)) {
- fatal_exit("faild to set tls-cipher %s",cfg->tls_ciphers);
+ fatal_exit("failed to set tls-cipher %s", cfg->tls_ciphers);
}
}
#if OPENSSL_VERSION_NUMBER >= 0x1010101
if(cfg->tls_ciphersuites && cfg->tls_ciphersuites[0]) {
if (!SSL_CTX_set_ciphersuites(daemon->listen_sslctx, cfg->tls_ciphersuites)) {
- fatal_exit("faild to set tls-ciphersuites %s",cfg->tls_ciphersuites);
+ fatal_exit("failed to set tls-ciphersuites %s", cfg->tls_ciphersuites);
}
}
#endif
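Review bot: The guard `#if OPENSSL_VERSION_NUMBER >= 0x1010101` looks one hex digit short: in OpenSSL's MNNFFPPS layout 1.1.1 is `0x10101000L`, so `0x1010101` (i.e. 0x01010101) is satisfied by every 1.x release, including 1.0.2 builds that do not provide `SSL_CTX_set_ciphersuites`, which would fail to compile there. On a library that genuinely predates the API the `#if` then drops the whole `tls-ciphersuites` handling, so an operator's TLS 1.3 suite list is silently ignored while a bad `tls-ciphers` value is fatal. Consider `#if OPENSSL_VERSION_NUMBER >= 0x10101000L` (or a configure-time feature check for the function) plus an `#else` branch of the form `if(cfg->tls_ciphersuites && cfg->tls_ciphersuites[0]) fatal_exit("tls-ciphersuites requires OpenSSL 1.1.1 or later");` so the configuration fails closed. The enclosing function starts and ends outside the hunk.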
23 January 2018: Wouter
- Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites
options for unbound.conf.
+ - Fixes for the patch, and man page entry.
22 January 2018: Wouter
- Fix space calculation for tcp req buffer size.
eg. with the @port suffix, as this port number, they provide dns over TLS
service. Can list multiple, each on a new statement.
.TP
+.B tls\-ciphers: \fI<string with cipher list>
+Set the list of ciphers to allow when serving TLS. Use "" for defaults,
+and that is the default.
+.TP
+.B tls\-ciphersuites: \fI<string with ciphersuites list>
+Set the list of ciphersuites to allow when serving TLS. This is for newer
+TLS 1.3 connections. Use "" for defaults, and that is the default.
+.TP
.B use\-systemd: \fI<yes or no>
Enable or disable systemd socket activation.
Default is no.
else S_STRLIST("additional-tls-port:", tls_additional_port)
else S_STRLIST("tls-additional-ports:", tls_additional_port)
else S_STRLIST("tls-additional-port:", tls_additional_port)
- else S_STR("tls_ciphers:", tls_ciphers)
- else S_STR("tls_ciphersuites:", tls_ciphersuites)
+ else S_STR("tls-ciphers:", tls_ciphers)
+ else S_STR("tls-ciphersuites:", tls_ciphersuites)
else S_YNO("interface-automatic:", if_automatic)
else S_YNO("use-systemd:", use_systemd)
else S_YNO("do-daemonize:", do_daemonize)
free(cfg->ssl_service_pem);
free(cfg->tls_cert_bundle);
config_delstrlist(cfg->tls_additional_port);
+ free(cfg->tls_ciphers);
+ free(cfg->tls_ciphersuites);
free(cfg->log_identity);
config_del_strarray(cfg->ifs, cfg->num_ifs);
config_del_strarray(cfg->out_ifs, cfg->num_out_ifs);
int tls_win_cert;
/** additional tls ports */
struct config_strlist* tls_additional_port;
- /** TLS chiper **/
+ /** TLS ciphers */
char* tls_ciphers;
- /** TLS chipersuites (TLSv1.3) **/
+ /** TLS chipersuites (TLSv1.3) */
char* tls_ciphersuites;
/** outgoing port range number of ports (per thread) */
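Review bot: The replacement comment on the `tls_ciphersuites` field still reads `/** TLS chipersuites (TLSv1.3) */`, so the "chiper" typo that the neighbouring `tls_ciphers` comment fixes survives here; change it to `/** TLS ciphersuites (TLSv1.3) */`. Since both strings are passed to OpenSSL as-is and the man page entry promises that an empty value means library defaults, it would also help to state that contract on the fields, e.g. `/** TLS cipher list for TLS <= 1.2; NULL or "" uses the library default */` and the same for the TLS 1.3 suites.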