Welcome! Log In Create A New Profile

Advanced

[nginx] SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.

Maxim Dounin
September 16, 2013 10:34PM
details: http://hg.nginx.org/nginx/rev/a73678f5f96f
branches:
changeset: 5378:a73678f5f96f
user: Piotr Sikora <piotr@cloudflare.com>
date: Mon Sep 16 14:24:38 2013 -0700
description:
SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.

This option had no effect since 0.9.7h / 0.9.8b and it was removed
in recent OpenSSL.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>

diffstat:

src/event/ngx_event_openssl.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)

diffs (14 lines):

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -185,8 +185,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_
SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);

+#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
/* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
+#endif

SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.

Maxim Dounin 990 September 16, 2013 10:34PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 153
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready