Mercurial > hg > nginx
comparison src/stream/ngx_stream_ssl_preread_module.c @ 6849:01adb18a5d23
Stream ssl_preread: relaxed SSL version check.
SSL version 3.0 can be specified by the client at the record level for
compatibility reasons. Previously, ssl_preread module rejected such
connections, presuming they don't have SNI. Now SSL 3.0 is allowed at
the record level.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Mon, 19 Dec 2016 14:02:39 +0300 |
| parents | 8f75d9883730 |
| children | 2a288909abc6 |
comparison
equal
deleted
inserted
replaced
| 6848:53ea5694d1cc | 6849:01adb18a5d23 |
|---|---|
| 140 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, | 140 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, |
| 141 "ssl preread: not a handshake"); | 141 "ssl preread: not a handshake"); |
| 142 return NGX_DECLINED; | 142 return NGX_DECLINED; |
| 143 } | 143 } |
| 144 | 144 |
| 145 if (p[1] != 3 || p[2] == 0) { | 145 if (p[1] != 3) { |
| 146 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, | 146 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, |
| 147 "ssl preread: unsupported SSL version"); | 147 "ssl preread: unsupported SSL version"); |
| 148 return NGX_DECLINED; | 148 return NGX_DECLINED; |
| 149 } | 149 } |
| 150 | 150 |