tack/nginx_ssl_tack

This branch is 2 commits behind kyprizel:master.
Description

This patch enables the NGINX SSL module to respond with a TACK TLS Extension.

Directives

ssl_tack

syntax: ssl_tack (on|off);

default: off

context: server

on - Enable TLS extension

off - Disable TLS extension

ssl_tack_file

syntax: ssl_tack_file <string>;

default: none

context: server

Sets TACK file path.

ssl_tack_activation_flags

syntax: ssl_tack_activation_flags (0|1|2|3);

default: 0

context: server

See the TACK draft for the meaning of the activation flags: http://tack.io/draft.html#anchor9

Installation

Download the nginx source code from nginx.org, apply the patch, and compile nginx against openssl_tack (passed to configure with --with-openssl).

wget 'http://nginx.org/download/nginx-VERSION.tar.gz'
tar -xzvf nginx-VERSION.tar.gz
patch -p0 < ngx_http_ssl_module-VERSION.patch

./configure --with-debug --with-openssl=/path/to/openssl_tack --with-http_ssl_module
make
make install

Example configuration

server {
    listen       443;
    server_name  localhost;

    ssl                  on;
    ssl_certificate      ssl/testhost.crt;
    ssl_certificate_key  ssl/testhost.key;

    ssl_session_timeout  5m;

    # SSLv2 and SSLv3 are obsolete and insecure; offer TLS only
    ssl_protocols  TLSv1;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    ssl_tack on;
    ssl_tack_file ssl/tack.sig;
    ssl_tack_activation_flags 1;

    location / {
        root   html;
    }
}
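
A small lint for the three TACK directives documented above, run over the text of one server block. This is an added example, not part of the patch or its repository; the function names are hypothetical, it only understands one directive per line, and it assumes that enabling ssl_tack without an ssl_tack_file is a mistake.

```python
import re

# Directive names documented on this page.
TACK_DIRECTIVES = {"ssl_tack", "ssl_tack_file", "ssl_tack_activation_flags"}

def parse_directives(block):
    """Map name -> argument list for simple one-per-line 'name args;' directives."""
    found = {}
    for line in block.splitlines():
        m = re.match(r"^(\w+)\s+([^;{]+);$", line.split("#", 1)[0].strip())
        if m:
            found[m.group(1)] = m.group(2).split()
    return found

def check_tack(block):
    """Return a list of problems in the TACK-related settings of one server block."""
    d = parse_directives(block)
    # Misspelled or undocumented ssl_tack* names would otherwise go unnoticed here.
    issues = [f"unknown directive {n}" for n in d
              if n.startswith("ssl_tack") and n not in TACK_DIRECTIVES]
    enabled = d.get("ssl_tack", ["off"]) == ["on"]     # documented default: off
    # Assumption: the patch needs a TACK file whenever the extension is enabled.
    if enabled and "ssl_tack_file" not in d:
        issues.append("ssl_tack is on but ssl_tack_file is not set")
    if not enabled and "ssl_tack_file" in d:
        issues.append("ssl_tack_file is set but ssl_tack is off")
    flags = d.get("ssl_tack_activation_flags", ["0"])  # documented default: 0
    if flags not in (["0"], ["1"], ["2"], ["3"]):
        issues.append("ssl_tack_activation_flags must be 0, 1, 2 or 3")
    old = sorted({"SSLv2", "SSLv3"} & set(d.get("ssl_protocols", [])))
    if old:
        issues.append("ssl_protocols offers obsolete " + " ".join(old))
    return issues

# Constructed sample input: a server block with several mistakes.
SAMPLE = """
server {
    listen 443;
    ssl_protocols SSLv3 TLSv1;
    ssl_tack on;                 # no ssl_tack_file given
    ssl_tack_pin_activation 1;   # not one of the documented names
    ssl_tack_activation_flags 4;
}
"""

if __name__ == "__main__":
    for issue in check_tack(SAMPLE):
        print("WARN:", issue)
```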

About

ngx_http_ssl_module with TACK support
