Merge of r4401, r4415:

SSL changes:

*) Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.

   Support for TLSv1.1 and TLSv1.2 protocols was introduced in
   OpenSSL 1.0.1 (-beta1 was recently released).  This change makes it
   possible to disable these protocols and/or enable them without other
   protocols.

*) Removed ENGINE_load_builtin_engines() call.

   It's already called by OPENSSL_config().  Calling it again causes
   some openssl engines (notably GOST) to corrupt memory, as they don't
   expect to be created more than once.

1 files changed, 4 insertions, 1 deletions

diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
index 4f4c9a20d..fa02409d2 100644
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -37,6 +37,8 @@ static ngx_conf_bitmask_t  ngx_mail_ssl_protocols[] = {
     { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
     { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
     { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
+    { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
+    { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
     { ngx_null_string, 0 }
 };
 
@@ -206,7 +208,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
                          prev->prefer_server_ciphers, 0);
 
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
-                         (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
+                         (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
+                          |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
 
     ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
     ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");