Stream ssl_preread: relaxed SSL version check.
authorRoman Arutyunyan <arut@nginx.com>
Mon, 19 Dec 2016 11:02:39 +0000 (14:02 +0300)
committerRoman Arutyunyan <arut@nginx.com>
Mon, 19 Dec 2016 11:02:39 +0000 (14:02 +0300)
SSL version 3.0 can be specified by the client at the record level for
compatibility reasons.  Previously, ssl_preread module rejected such
connections, presuming they don't have SNI.  Now SSL 3.0 is allowed at
the record level.

src/stream/ngx_stream_ssl_preread_module.c

index e26c51891ef69c520fa583b0e800fa03ece51d6f..2040b4fe83fab02b87acd10e98f7f8fd5241b21c 100644 (file)
@@ -142,7 +142,7 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s)
             return NGX_DECLINED;
         }
 
-        if (p[1] != 3 || p[2] == 0) {
+        if (p[1] != 3) {
             ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
                            "ssl preread: unsupported SSL version");
             return NGX_DECLINED;
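Review bot: The relaxed test `if (p[1] != 3)` carries no comment saying why the minor version byte is no longer checked, so a later reader may take it for an oversight and restore the `p[2] == 0` rejection. Going by the commit message, p[1] and p[2] appear to be the record-layer version, which a client may set to 3.0 for compatibility and which does not tell you the version that will actually be negotiated; I would add `/* record-layer version: only the major byte is checked, clients may send 3.0 here for compatibility */` above the test. Because of that, this check should not be read as a protocol-version policy: refusing SSLv3 still has to be enforced by the endpoint that terminates TLS, and the comment or module docs could say so. The body of ngx_stream_ssl_preread_handler starts and ends outside the hunk.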