Mercurial > hg > nginx
comparison src/stream/ngx_stream_ssl_preread_module.c @ 6849:01adb18a5d23
Stream ssl_preread: relaxed SSL version check.
SSL version 3.0 can be specified by the client at the record level for
compatibility reasons. Previously, ssl_preread module rejected such
connections, presuming they don't have SNI. Now SSL 3.0 is allowed at
the record level.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Mon, 19 Dec 2016 14:02:39 +0300 |
parents | 8f75d9883730 |
children | 2a288909abc6 |
comparison
equal
deleted
inserted
replaced
6848:53ea5694d1cc | 6849:01adb18a5d23 |
---|---|
140 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, | 140 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, |
141 "ssl preread: not a handshake"); | 141 "ssl preread: not a handshake"); |
142 return NGX_DECLINED; | 142 return NGX_DECLINED; |
143 } | 143 } |
144 | 144 |
145 if (p[1] != 3 || p[2] == 0) { | 145 if (p[1] != 3) { |
146 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, | 146 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, |
147 "ssl preread: unsupported SSL version"); | 147 "ssl preread: unsupported SSL version"); |
148 return NGX_DECLINED; | 148 return NGX_DECLINED; |
149 } | 149 } |
150 | 150 |