Welcome! Log In Create A New Profile

Advanced

SSLv3 protocol with LibreSSL

Previous Message Next Message
Forum List Message List New Topic Print View
Kuramoto Eiji
February 17, 2015 09:28AM
# HG changeset patch
# User Kuramoto Eiji <ek@kuramoto.org>
# Date 1424182447 -32400
# Node ID 2f0279e2d15aa7fd4c8300a99fa323513deaf1ab
# Parent f3f25ad09deee27485050a75732e5f46ab1b18b3
SSLv3 protocol is not available with LibreSSL,
even if SSLv3 option is supplied in config.

LibreSSL-2.1.2/2.1.3 disables SSLv3 by default.

diff -r f3f25ad09dee -r 2f0279e2d15a src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Wed Feb 11 20:18:55 2015 +0300
+++ b/src/event/ngx_event_openssl.c Tue Feb 17 23:14:07 2015 +0900
@@ -252,9 +252,17 @@
if (!(protocols & NGX_SSL_SSLv2)) {
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
}
+ifdef LIBRESSL_VERSION_NUMBER
+ if (!(protocols & NGX_SSL_SSLv3)) {
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
+ } else {
+ SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_SSLv3);
+ }
+#else
if (!(protocols & NGX_SSL_SSLv3)) {
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
}
+#endif
if (!(protocols & NGX_SSL_TLSv1)) {
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
}

- Kuramoto Eiji

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

SSLv3 protocol with LibreSSL

Kuramoto Eiji 627 February 17, 2015 09:28AM

Re: SSLv3 protocol with LibreSSL

Maxim Dounin 462 February 24, 2015 01:54PM

Re: SSLv3 protocol with LibreSSL

Kuramoto Eiji 475 February 26, 2015 06:02AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 240
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready