diff options
| author | Piotr Sikora <piotr@cloudflare.com> | 2013-09-16 14:24:38 -0700 |
|---|---|---|
| committer | Piotr Sikora <piotr@cloudflare.com> | 2013-09-16 14:24:38 -0700 |
| commit | 29ea1273fef9c94d213eec53e027cd9aa70780e8 (patch) | |
| tree | 89bc8a44c36ce86a03cb728aee5620f09de70cd0 | |
| parent | db1532944cef68f835917894b8e9fc569d1712b4 (diff) | |
| download | nginx-29ea1273fef9c94d213eec53e027cd9aa70780e8.tar.gz nginx-29ea1273fef9c94d213eec53e027cd9aa70780e8.zip | |
SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.
This option had no effect since 0.9.7h / 0.9.8b and it was removed
in recent OpenSSL.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
| -rw-r--r-- | src/event/ngx_event_openssl.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index f2419e466..fedb604de 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -185,8 +185,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG); SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER); +#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */ SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING); +#endif SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); |