From 545eee43c9084de47bfba6130fd2274ef0a99cf5 Mon Sep 17 00:00:00 2001
From: Andreas Koenig
Date: Sat, 27 Oct 2012 16:24:04 +0200
Subject: [PATCH] add support for ssl_honor_cipher_order
---
 lib/Perlbal/Service.pm | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/lib/Perlbal/Service.pm b/lib/Perlbal/Service.pm
index 6efa277..3e87dd8 100644
--- a/lib/Perlbal/Service.pm
+++ b/lib/Perlbal/Service.pm
@@ -97,6 +97,7 @@ use fields (
 'ssl_cipher_list', # OpenSSL cipher list string
 'ssl_ca_path', # directory: path to certificates
 'ssl_verify_mode', # int: verification mode, see IO::Socket::SSL documentation
+ 'ssl_honor_cipher_order', # bool: see IO::Socket::SSL documentation (requires version >= 1.71)
 'enable_error_retries', # bool: whether we should retry requests after errors
 'error_retry_schedule', # string of comma-separated seconds (full or partial) to delay between retries
@@ -615,6 +616,12 @@ our $tunables = {
 check_type => "int",
 check_role => "*",
 },
+ 'ssl_honor_cipher_order' => {
+ des => 'SSL: server determines cipher order to try',
+ default => 0,
+ check_type => "int",
+ check_role => "*",
+ },
 'enable_error_retries' => {
 des => 'Whether Perlbal should transparently retry requests to backends if a backend returns a 500 server error.',
@@ -1643,6 +1650,7 @@ sub enable {
 SSL_cipher_list => $self->{ssl_cipher_list},
 (defined $self->{ssl_ca_path} ? (SSL_ca_path => $self->{ssl_ca_path}) : ()),
 (defined $self->{ssl_verify_mode} ? (SSL_verify_mode => $self->{ssl_verify_mode}) : ()),
+ (defined $self->{ssl_honor_cipher_order} ? (SSL_honor_cipher_order => $self->{ssl_honor_cipher_order}) : ()),
 };
 return $mc->err("IO::Socket:SSL (0.98+) not available. Can't do SSL.") unless eval "use IO::Socket::SSL 0.98 (); 1;";
 return $mc->err("SSL key file ($self->{ssl_key_file}) doesn't exist") unless -f $self->{ssl_key_file};
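Review bot: The new tunable in the `$tunables` hunk is declared with `check_type => "int"` although the field list documents it as a bool, so any integer would be accepted for what is an on/off switch; if the tunable checker in this file supports a boolean type, `check_type => "bool",` would fit better. The `des` text also leaves out what an operator needs to know, namely that the default of 0 lets the client's cipher preference decide and that the option needs IO::Socket::SSL 1.71 or later; for example `des => 'SSL: prefer the server cipher order over the client order (requires IO::Socket::SSL >= 1.71)',`. The `$tunables` hash begins and ends outside the hunk.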
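Review bot: The version gate just below the new line in `enable` still only requires IO::Socket::SSL 0.98, while the field comment says `SSL_honor_cipher_order` needs 1.71, so on an older module the setting may be passed along without taking effect and the operator would believe server cipher preference is enforced when it is not. A check placed after the existing availability test would make this fail loudly: `return $mc->err("ssl_honor_cipher_order requires IO::Socket::SSL 1.71+") if $self->{ssl_honor_cipher_order} && !eval { IO::Socket::SSL->VERSION(1.71); 1 };`. Because the tunable defaults to 0, the `defined` test is presumably always true, so the key is handed to the module even when the feature is off; testing truth rather than definedness would avoid that. The body of `enable` starts and ends outside the hunk.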