Welcome! Log In Create A New Profile

Advanced

[nginx] SSL: removed use of the SSL_OP_MSIE_SSLV2_RSA_PADDING option.

Previous Message Next Message
Forum List Message List New Topic Print View
Sergey Kandaurov
August 10, 2021 05:52PM
details: https://hg.nginx.org/nginx/rev/dda421871bc2
branches:
changeset: 7901:dda421871bc2
user: Sergey Kandaurov <pluknet@nginx.com>
date: Tue Aug 10 23:43:17 2021 +0300
description:
SSL: removed use of the SSL_OP_MSIE_SSLV2_RSA_PADDING option.

It has no effect since OpenSSL 0.9.7h and 0.9.8a.

diffstat:

src/event/ngx_event_openssl.c | 5 -----
1 files changed, 0 insertions(+), 5 deletions(-)

diffs (15 lines):

diff -r 509b663a789c -r dda421871bc2 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Tue Aug 10 23:43:17 2021 +0300
+++ b/src/event/ngx_event_openssl.c Tue Aug 10 23:43:17 2021 +0300
@@ -299,11 +299,6 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_
SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
#endif

-#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
- /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
- SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
-#endif
-
#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
#endif
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[nginx] SSL: removed use of the SSL_OP_MSIE_SSLV2_RSA_PADDING option.

Sergey Kandaurov 531 August 10, 2021 05:52PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 284
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready