details: http://hg.nginx.org/nginx/rev/6649d4433266
branches:
changeset: 7322:6649d4433266
user: Sergey Kandaurov <pluknet@nginx.com>
date: Wed Jul 18 18:51:25 2018 +0300
description:
Stream ssl_preread: added SSLv2 Client Hello support.

In particular, it was not possible to obtain SSLv2 protocol version.

diffstat:

src/stream/ngx_stream_ssl_preread_module.c | 16 ++++++++++++++--
1 files changed, 14 insertions(+), 2 deletions(-)

diffs (33 lines):

diff -r 45e513c3540d -r 6649d4433266 src/stream/ngx_stream_ssl_preread_module.c
--- a/src/stream/ngx_stream_ssl_preread_module.c Tue Jul 17 15:30:43 2018 +0300
+++ b/src/stream/ngx_stream_ssl_preread_module.c Wed Jul 18 18:51:25 2018 +0300
@@ -149,6 +149,14 @@ ngx_stream_ssl_preread_handler(ngx_strea

while (last - p >= 5) {

+ if ((p[0] & 0x80) && p[2] == 1 && (p[3] == 0 || p[3] == 3)) {
+ ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
+ "ssl preread: version 2 ClientHello");
+ ctx->version[0] = p[3];
+ ctx->version[1] = p[4];
+ return NGX_OK;
+ }
+
if (p[0] != 0x16) {
ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
"ssl preread: not a handshake");
@@ -507,8 +515,12 @@ ngx_stream_ssl_preread_protocol_variable
ngx_str_null(&version);

switch (ctx->version[0]) {
- case 2:
- ngx_str_set(&version, "SSLv2");
+ case 0:
+ switch (ctx->version[1]) {
+ case 2:
+ ngx_str_set(&version, "SSLv2");
+ break;
+ }
break;
case 3:
switch (ctx->version[1]) {
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel