[PATCH] SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.

Piotr Sikora
September 16, 2013 05:34PM
Hello,
while OpenSSL-1.0.1f isn't released just yet, the change that
removes SSL_OP_MSIE_SSLV2_RSA_PADDING is already backported to
OpenSSL_1_0_1-stable branch and I believe that it's better to
proactively guard against this than to wait for people to
complain that nginx doesn't compile with new OpenSSL.

Best regards,
Piotr Sikora


# HG changeset patch
# User Piotr Sikora <piotr@cloudflare.com>
# Date 1379366678 25200
# Mon Sep 16 14:24:38 2013 -0700
# Node ID a73678f5f96ffead0b616b2c03dfcfd5445d443b
# Parent cec155f07c84953138455b65dfe678bb514e33ca
SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.

This option had no effect since 0.9.7h / 0.9.8b and it was removed
in recent OpenSSL.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>

diff -r cec155f07c84 -r a73678f5f96f src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Mon Sep 16 18:49:23 2013 +0400
+++ b/src/event/ngx_event_openssl.c Mon Sep 16 14:24:38 2013 -0700
@@ -185,8 +185,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_
SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);

+#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
/* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
+#endif

SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
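
Review bot: the comment kept inside the new #ifdef block ("this option allow a potential SSL 2.0 rollback (CAN-2005-2969)") no longer matches the commit message, which says the option has had no effect since 0.9.7h / 0.9.8b. Suggest rewording that comment to state that the flag is a no-op on those versions, so a reader does not take the guarded call for an active rollback exposure. The neighbouring SSL_CTX_set_options() calls for SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER, SSL_OP_SSLEAY_080_CLIENT_DH_BUG and SSL_OP_TLS_D5_BUG stay unguarded in this hunk; if any of those macros is removed upstream the same build break returns, so it may be worth wrapping them in the same way.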

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel