
Commit e6d0624

committed
Use SSL_client_hello_get0_ciphers() instead of SSL_get0_raw_cipherlist()
fooinha#64
1 parent 8e0fe46 commit e6d0624


1 file changed

+23
-20
lines changed


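--- a/patches/nginx.1.27.2.ssl.extensions.patch
+++ b/patches/nginx.1.27.2.ssl.extensions.patch
@@ -1,15 +1,15 @@
-diff -r 2e63d59c342d src/event/ngx_event_openssl.c
---- a/src/event/ngx_event_openssl.c Tue Sep 10 16:48:11 2024 +0400
-+++ b/src/event/ngx_event_openssl.c Sat Sep 14 18:00:11 2024 +0000
-@@ -1742,6 +1742,7 @@
+diff -u src/event/ngx_event_openssl.c src/event/ngx_event_openssl.c
+--- a/src/event/ngx_event_openssl.c 2025-05-09 09:22:41.641816383 +0000
++++ b/src/event/ngx_event_openssl.c 2025-05-09 09:50:23.401472760 +0000
+@@ -1624,6 +1624,7 @@
 #ifdef SSL_OP_NO_RENEGOTIATION
 SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION);
 #endif
 + SSL_set_options(sc->connection, SSL_OP_NO_TICKET);
 }
 
 if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
-@@ -1793,6 +1794,116 @@
+@@ -1675,6 +1676,119 @@
 return NGX_OK;
 }
 
@@ -18,29 +18,17 @@ diff -r 2e63d59c342d src/event/ngx_event_openssl.c
 +void
 +ngx_SSL_client_features(ngx_connection_t *c) {
 +
-+ unsigned short *ciphers_out = NULL;
 + int *curves_out = NULL;
 + int *point_formats_out = NULL;
-+ size_t i = 0;
 + size_t len = 0;
++ size_t i = 0;
 + SSL *s = NULL;
 +
 + if (c == NULL) {
 + return;
 + }
 + s = c->ssl->connection;
 +
-+ /* Cipher suites */
-+ c->ssl->ciphers = NULL;
-+ c->ssl->ciphers_sz = SSL_get0_raw_cipherlist(s, &ciphers_out);
-+ c->ssl->ciphers_sz /= 2;
-+
-+ if (c->ssl->ciphers_sz && ciphers_out) {
-+ len = c->ssl->ciphers_sz * sizeof(unsigned short);
-+ c->ssl->ciphers = ngx_pnalloc(c->pool, len);
-+ ngx_memcpy(c->ssl->ciphers, ciphers_out, len);
-+ }
-+
 + /* Elliptic curve points */
 +
 + c->ssl->curves_sz = SSL_get1_curves(s, NULL);
@@ -81,9 +69,11 @@ diff -r 2e63d59c342d src/event/ngx_event_openssl.c
 +int
 +ngx_SSL_early_cb_fn(SSL *s, int *al, void *arg) {
 +
++ const unsigned char *ciphers_out = NULL;
 + int got_extensions;
 + int *ext_out;
 + size_t ext_len;
++ size_t len = 0;
 + ngx_connection_t *c;
 +
 + c = arg;
@@ -120,13 +110,26 @@ diff -r 2e63d59c342d src/event/ngx_event_openssl.c
 +
 + OPENSSL_free(ext_out);
 +
++
++ /* Cipher suites */
++ c->ssl->ciphers = NULL;
++ c->ssl->ciphers_sz = SSL_client_hello_get0_ciphers(s, &ciphers_out);
++ c->ssl->ciphers_sz /= 2;
++
++ if (c->ssl->ciphers_sz && ciphers_out) {
++ len = c->ssl->ciphers_sz * sizeof(unsigned short);
++ c->ssl->ciphers = ngx_pnalloc(c->pool, len);
++ ngx_memcpy(c->ssl->ciphers, ciphers_out, len);
++ }
++
++
 + return 1;
 +}
 +/* ----- JA3 HACK END -------------------------------------------------------*/
 
 ngx_int_t
 ngx_ssl_handshake(ngx_connection_t *c)
-@@ -1813,6 +1924,10 @@
+@@ -1695,6 +1809,10 @@
 
 ngx_ssl_clear_error(c->log);
 
@@ -137,7 +140,7 @@ diff -r 2e63d59c342d src/event/ngx_event_openssl.c
 n = SSL_do_handshake(c->ssl->connection);
 
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
-@@ -1831,6 +1946,10 @@
+@@ -1713,6 +1831,10 @@
 ngx_ssl_handshake_log(c);
 #endif
 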
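Review bot: In the cipher-suite block moved into `ngx_SSL_early_cb_fn` (the `@@ -120,13 +110,26 @@` hunk), the result of `ngx_pnalloc(c->pool, len)` is passed straight to `ngx_memcpy`, so an allocation failure inside the ClientHello callback becomes a NULL-pointer write, with `len` derived from the peer's ClientHello. Check the pointer before copying, for example `if (c->ssl->ciphers == NULL) { c->ssl->ciphers_sz = 0; return 1; }`, so that `ciphers_sz` never stays non-zero while `ciphers` is NULL. The division by 2 also assumes two-byte cipher IDs; if SSLv2-format ClientHellos can reach this callback the list would be misread, which is worth confirming with `SSL_client_hello_isv2()`. The callback's body starts outside this hunk, so its earlier extension handling is not covered here.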