From: Sergey Kandaurov <pluknet@nginx.com>
Date: Tue, 10 Aug 2021 20:43:17 +0000 (+0300)
Subject: SSL: removed use of the SSL_OP_MSIE_SSLV2_RSA_PADDING option.
X-Git-Tag: release-1.21.2~17
X-Git-Url: http://www.kaiwu.me/postgresql/commit/static/gitweb.js?a=commitdiff_plain;h=926e0aa70acd58d2a13451f40fc19aeb5393aa7e;p=nginx.git

SSL: removed use of the SSL_OP_MSIE_SSLV2_RSA_PADDING option.

It has no effect since OpenSSL 0.9.7h and 0.9.8a.
---

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 3705f5eaf..c087884ce 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -299,11 +299,6 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
     SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
 #endif
 
-#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
-    /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
-    SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
-#endif
-
 #ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
     SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
 #endif