Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

add support for ssl_honor_cipher_order

  • Loading branch information...
commit 545eee43c9084de47bfba6130fd2274ef0a99cf5 1 parent 9e0b06b
Andreas Koenig authored andk committed
Showing with 8 additions and 0 deletions.
  1. +8 −0 lib/Perlbal/Service.pm
8 lib/Perlbal/Service.pm
View
@@ -97,6 +97,7 @@ use fields (
'ssl_cipher_list', # OpenSSL cipher list string
'ssl_ca_path', # directory: path to certificates
'ssl_verify_mode', # int: verification mode, see IO::Socket::SSL documentation
+ 'ssl_honor_cipher_order', # bool: see IO::Socket::SSL documentation (requires version >= 1.71)
'enable_error_retries', # bool: whether we should retry requests after errors
'error_retry_schedule', # string of comma-separated seconds (full or partial) to delay between retries
@@ -615,6 +616,12 @@ our $tunables = {
check_type => "int",
check_role => "*",
},
+ 'ssl_honor_cipher_order' => {
+ des => 'SSL: server determines cipher order to try',
+ default => 0,
+ check_type => "int",
+ check_role => "*",
+ },
'enable_error_retries' => {
des => 'Whether Perlbal should transparently retry requests to backends if a backend returns a 500 server error.',
@@ -1643,6 +1650,7 @@ sub enable {
SSL_cipher_list => $self->{ssl_cipher_list},
(defined $self->{ssl_ca_path} ? (SSL_ca_path => $self->{ssl_ca_path}) : ()),
(defined $self->{ssl_verify_mode} ? (SSL_verify_mode => $self->{ssl_verify_mode}) : ()),
+ (defined $self->{ssl_honor_cipher_order} ? (SSL_honor_cipher_order => $self->{ssl_honor_cipher_order}) : ()),
};
return $mc->err("IO::Socket:SSL (0.98+) not available. Can't do SSL.") unless eval "use IO::Socket::SSL 0.98 (); 1;";
return $mc->err("SSL key file ($self->{ssl_key_file}) doesn't exist") unless -f $self->{ssl_key_file};
Please sign in to comment.
Something went wrong with that request. Please try again.