SSL: removed use of the SSL_OP_MSIE_SSLV2_RSA_PADDING option.

author Sergey Kandaurov <pluknet@nginx.com>

Tue, 10 Aug 2021 20:43:17 +0000 (23:43 +0300)

committer Sergey Kandaurov <pluknet@nginx.com>

Tue, 10 Aug 2021 20:43:17 +0000 (23:43 +0300)
author Sergey Kandaurov <pluknet@nginx.com>
Tue, 10 Aug 2021 20:43:17 +0000 (23:43 +0300)
committer Sergey Kandaurov <pluknet@nginx.com>
Tue, 10 Aug 2021 20:43:17 +0000 (23:43 +0300)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c

index 3705f5eafebd739da6d4478df8ee7acdfcfb0bc0..c087884ce573bef7cacf2ecd45daf2cf91c7a40b 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -299,11 +299,6 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
      SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
  #endif
  
-#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
-    /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
-    SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
-#endif
-
  #ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
      SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
  #endif
author	Sergey Kandaurov <pluknet@nginx.com>
	Tue, 10 Aug 2021 20:43:17 +0000 (23:43 +0300)
committer	Sergey Kandaurov <pluknet@nginx.com>
	Tue, 10 Aug 2021 20:43:17 +0000 (23:43 +0300)