From b93931ae8292a485e045c36f963d843a74507d1e Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Wed, 18 Jul 2018 18:51:25 +0300
Subject: [PATCH] Stream ssl_preread: added SSLv2 Client Hello support.

In particular, it was not possible to obtain SSLv2 protocol version.
---
 src/stream/ngx_stream_ssl_preread_module.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/stream/ngx_stream_ssl_preread_module.c b/src/stream/ngx_stream_ssl_preread_module.c
index 8deb72554..a236fc555 100644
--- a/src/stream/ngx_stream_ssl_preread_module.c
+++ b/src/stream/ngx_stream_ssl_preread_module.c
@@ -149,6 +149,14 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s)
 
     while (last - p >= 5) {
 
+        if ((p[0] & 0x80) && p[2] == 1 && (p[3] == 0 || p[3] == 3)) {
+            ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
+                           "ssl preread: version 2 ClientHello");
+            ctx->version[0] = p[3];
+            ctx->version[1] = p[4];
+            return NGX_OK;
+        }
+
         if (p[0] != 0x16) {
             ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
                            "ssl preread: not a handshake");
@@ -507,8 +515,12 @@ ngx_stream_ssl_preread_protocol_variable(ngx_stream_session_t *s,
     ngx_str_null(&version);
 
     switch (ctx->version[0]) {
-    case 2:
-        ngx_str_set(&version, "SSLv2");
+    case 0:
+        switch (ctx->version[1]) {
+        case 2:
+            ngx_str_set(&version, "SSLv2");
+            break;
+        }
         break;
     case 3:
         switch (ctx->version[1]) {