Repository: trafficserver Updated Branches: refs/heads/master 72035e508 -> 145d94b7e
Revert "TS-3437: Make DH params configurable: fix typo" This reverts commit c737a859aee50ad1331bcaf41da832aae8041da3. Revert "TS-3437: Make DH params configurable: update docs" This reverts commit 8a4128c1dcf6e933ff77b9f7fe641b5bc8975a21. Revert "TS-3437: Make DH params configurable" This reverts commit 091b59ca3f772ebc4a6cbc832b57fb0794c6b82e. Revert "TS-3437: Update Changes" This reverts commit 4361f4d0d49f46be59fc6fe86e26f22fbfacebc1. Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/145d94b7 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/145d94b7 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/145d94b7 Branch: refs/heads/master Commit: 145d94b7ec04df1f4738e10fa9ea69af6f328e7b Parents: 72035e5 Author: Brian Geffon <bri...@apache.org> Authored: Thu Mar 19 14:16:56 2015 -0700 Committer: Brian Geffon <bri...@apache.org> Committed: Thu Mar 19 14:19:59 2015 -0700 ---------------------------------------------------------------------- CHANGES | 2 -- doc/reference/configuration/records.config.en.rst | 5 ----- iocore/net/P_SSLConfig.h | 1 - iocore/net/SSLConfig.cc | 2 -- iocore/net/SSLUtils.cc | 4 +--- mgmt/RecordsConfig.cc | 2 -- 6 files changed, 1 insertion(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/145d94b7/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index 5f7e1ec..e8ee3f9 100644 --- a/CHANGES +++ b/CHANGES 
@@ -7,8 +7,6 @@ Changes with Apache Traffic Server 5.3.0 *) [TS-3439] Chunked responses don't honor keep-alive. - *) [TS-3437] Make DH params configurable. - *) [TS-3342] Non-standard method in bad request can cause crash. *) [TS-3331] negative responses cached even when headers indicate otherwise. http://git-wip-us.apache.org/repos/asf/trafficserver/blob/145d94b7/doc/reference/configuration/records.config.en.rst ---------------------------------------------------------------------- diff --git a/doc/reference/configuration/records.config.en.rst b/doc/reference/configuration/records.config.en.rst index 8d6c843..4cad8e8 100644 --- a/doc/reference/configuration/records.config.en.rst +++ b/doc/reference/configuration/records.config.en.rst @@ -2258,11 +2258,6 @@ SSL Termination Unless this is an absolute path, it is loaded relative to the path specified by :ts:cv:`proxy.config.ssl.server.cert.path`. -.. ts:cv:: CONFIG proxy.config.ssl.client.enable_dhparams INT 0 - - Enable or disable the dhparams_file configuration option, - this is disabled by default - .. ts:cv:: CONFIG proxy.config.ssl.server.dhparams_file STRING NULL The name of a file containing a set of Diffie-Hellman key exchange http://git-wip-us.apache.org/repos/asf/trafficserver/blob/145d94b7/iocore/net/P_SSLConfig.h ---------------------------------------------------------------------- diff --git a/iocore/net/P_SSLConfig.h b/iocore/net/P_SSLConfig.h index 376036d..cda2dcb 100644 --- a/iocore/net/P_SSLConfig.h +++ b/iocore/net/P_SSLConfig.h @@ -81,7 +81,6 @@ struct SSLConfigParams : public ConfigInfo char * clientKeyPath; char * clientCACertFilename; char * clientCACertPath; - int enable_dhparams; int clientVerify; int client_verify_depth; long ssl_ctx_options; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/145d94b7/iocore/net/SSLConfig.cc ---------------------------------------------------------------------- 
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc index dc78020..627ccd2 100644 --- a/iocore/net/SSLConfig.cc +++ b/iocore/net/SSLConfig.cc @@ -74,7 +74,6 @@ SSLConfigParams::SSLConfigParams() clientCertLevel = client_verify_depth = verify_depth = clientVerify = 0; - enable_dhparams = 0; ssl_ctx_options = 0; ssl_client_ctx_protocols = 0; ssl_session_cache = SSL_SESSION_CACHE_MODE_SERVER_ATS_IMPL; @@ -160,7 +159,6 @@ SSLConfigParams::initialize() REC_ReadConfigStringAlloc(cipherSuite, "proxy.config.ssl.server.cipher_suite"); REC_ReadConfigStringAlloc(client_cipherSuite, "proxy.config.ssl.client.cipher_suite"); dhparamsFile = RecConfigReadConfigPath("proxy.config.ssl.server.dhparams_file"); - REC_ReadConfigInt32(enable_dhparams, "proxy.config.ssl.server.enable_dhparams"); int options; int client_ssl_options; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/145d94b7/iocore/net/SSLUtils.cc ---------------------------------------------------------------------- diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 0ced75c..fd69911 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -1473,10 +1473,8 @@ SSLInitServerContext(const SSLConfigParams * params, const ssl_user_config & ssl SSL_CTX_set_default_passwd_cb_userdata(CTX, NULL);\ } SSL_CLEAR_PW_REFERENCES(ud,ctx) - if (params->enable_dhparams && !ssl_context_enable_dhe(params->dhparamsFile, ctx)) { + if (!ssl_context_enable_dhe(params->dhparamsFile, ctx)) { goto fail; - } else if (!params->enable_dhparams) { - Debug("ssl", "Not using dhparams"); } return ssl_context_enable_ecdh(ctx); http://git-wip-us.apache.org/repos/asf/trafficserver/blob/145d94b7/mgmt/RecordsConfig.cc ---------------------------------------------------------------------- diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc index a394a9a..03a32ec 100644 --- a/mgmt/RecordsConfig.cc +++ b/mgmt/RecordsConfig.cc 
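Review bot: In the SSLUtils.cc hunk, `if (!ssl_context_enable_dhe(params->dhparamsFile, ctx)) { goto fail; }` makes DHE setup unconditional again for every server context, and a failure abandons the whole context with no message at this call site. I would log before the jump, e.g. `Error("failed to enable DHE for SSL server context");`, unless ssl_context_enable_dhe already reports the cause itself (its body is not in this hunk). Because `proxy.config.ssl.server.dhparams_file` still defaults to NULL in RecordsConfig.cc, the default-case DH parameters come from whatever that helper falls back to, so a comment here should say so, e.g. `// DHE is always attempted; with no dhparams_file the helper's default group applies (confirm its size)`. Deployments that kept `enable_dhparams` at 0 will presumably start offering DHE suites after this revert, which is worth stating in the commit description. SSLInitServerContext begins and ends outside the hunk.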
@@ -1322,8 +1322,6 @@ static const RecordElement RecordsConfig[] = , {RECT_CONFIG, "proxy.config.ssl.allow_client_renegotiation", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-1]", RECA_NULL} , - {RECT_CONFIG, "proxy.config.ssl.server.enable_dhparams", RECD_INT, "0", RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL} - , {RECT_CONFIG, "proxy.config.ssl.server.dhparams_file", RECD_STRING, NULL, RECU_RESTART_TS, RR_NULL, RECC_NULL, NULL, RECA_NULL} , //##############################################################################