Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5378:a73678f5f96f
SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.
This option had no effect since 0.9.7h / 0.9.8b and it was removed
in recent OpenSSL.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
| author | Piotr Sikora <piotr@cloudflare.com> |
|---|---|
| date | Mon, 16 Sep 2013 14:24:38 -0700 |
| parents | 6c35a1f428f2 |
| children | cfbf1d1cc233 |
comparison
equal
deleted
inserted
replaced
| 5377:cec155f07c84 | 5378:a73678f5f96f |
|---|---|
| 183 /* server side options */ | 183 /* server side options */ |
| 184 | 184 |
| 185 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG); | 185 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG); |
| 186 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER); | 186 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER); |
| 187 | 187 |
| 188 #ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING | |
| 188 /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */ | 189 /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */ |
| 189 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING); | 190 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING); |
| 191 #endif | |
| 190 | 192 |
| 191 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); | 193 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); |
| 192 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); | 194 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); |
| 193 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG); | 195 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG); |
| 194 | 196 |