mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-12-03 04:39:00 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.

Browse Source 
This option had no effect since 0.9.7h / 0.9.8b and it was removed
in recent OpenSSL.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
This commit is contained in:
Piotr Sikora 2013-09-16 14:24:38 -07:00
parent db1532944c
commit 29ea1273fe
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/event/ngx_event_openssl.c
View File

@ -185,8 +185,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
/* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
#endif
SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);