diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 2e7ae4b88..2066e302b 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -6692,6 +6692,48 @@ static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct ser return 0; } +/* parse the "ssl-reuse" server keyword */ +static int srv_parse_ssl_reuse(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err) +{ + newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_REUSE; + return 0; +} + +/* parse the "sslv3" server keyword */ +static int srv_parse_sslv3(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err) +{ + newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_SSLV3; + return 0; +} + +/* parse the "tlsv10" server keyword */ +static int srv_parse_tlsv10(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err) +{ + newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLSV10; + return 0; +} + +/* parse the "tlsv11" server keyword */ +static int srv_parse_tlsv11(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err) +{ + newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLSV11; + return 0; +} + +/* parse the "tlsv12" server keyword */ +static int srv_parse_tlsv12(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err) +{ + newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLSV12; + return 0; +} + +/* parse the "tls-tickets" server keyword */ +static int srv_parse_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err) +{ + newsrv->ssl_ctx.options &= ~SRV_SSL_O_NO_TLS_TICKETS; + return 0; +} + /* parse the "verify" server keyword */ static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err) { @@ -7430,16 +7472,22 @@ static struct srv_kw_list srv_kws = { "SSL", { }, { { "no-force-tlsv10", srv_parse_no_force_tlsv10, 0, 1 }, /* do not force TLSv10 */ { "no-force-tlsv11", srv_parse_no_force_tlsv11, 0, 1 }, /* do not force TLSv11 */ { "no-force-tlsv12", srv_parse_no_force_tlsv12, 0, 1 }, /* do not force TLSv12 */ - { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 0 }, /* disable session reuse */ - { "no-sslv3", srv_parse_no_sslv3, 0, 0 }, /* disable SSLv3 */ - { "no-tlsv10", srv_parse_no_tlsv10, 0, 0 }, /* disable TLSv10 */ - { "no-tlsv11", srv_parse_no_tlsv11, 0, 0 }, /* disable TLSv11 */ - { "no-tlsv12", srv_parse_no_tlsv12, 0, 0 }, /* disable TLSv12 */ - { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 0 }, /* disable session resumption tickets */ + { "no-ssl-reuse", srv_parse_no_ssl_reuse, 0, 1 }, /* disable session reuse */ + { "no-sslv3", srv_parse_no_sslv3, 0, 1 }, /* disable SSLv3 */ + { "no-tlsv10", srv_parse_no_tlsv10, 0, 1 }, /* disable TLSv10 */ + { "no-tlsv11", srv_parse_no_tlsv11, 0, 1 }, /* disable TLSv11 */ + { "no-tlsv12", srv_parse_no_tlsv12, 0, 1 }, /* disable TLSv12 */ + { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 1 }, /* disable session resumption tickets */ { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 0 }, /* send PROXY protocol header v2 with SSL info */ { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 0 }, /* send PROXY protocol header v2 with CN */ { "sni", srv_parse_sni, 1, 0 }, /* send SNI extension */ { "ssl", srv_parse_ssl, 0, 0 }, /* enable SSL processing */ + { "ssl-reuse", srv_parse_ssl_reuse, 0, 1 }, /* enable session reuse */ + { "sslv3", srv_parse_sslv3, 0, 1 }, /* enable SSLv3 */ + { "tlsv10", srv_parse_tlsv10, 0, 1 }, /* enable TLSv10 */ + { "tlsv11", srv_parse_tlsv11, 0, 1 }, /* enable TLSv11 */ + { "tlsv12", srv_parse_tlsv12, 0, 1 }, /* enable TLSv12 */ + { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */ { "verify", srv_parse_verify, 1, 0 }, /* set SSL verify method */ { "verifyhost", srv_parse_verifyhost, 1, 0 }, /* require that SSL cert verifies for hostname */ { NULL, NULL, 0, 0 },