Mercurial > hg > nginx

changeset 7322:6649d4433266

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Stream ssl_preread: added SSLv2 Client Hello support. In particular, it was not possible to obtain SSLv2 protocol version.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 18 Jul 2018 18:51:25 +0300
parents 45e513c3540d
children d230c797b168
files src/stream/ngx_stream_ssl_preread_module.c
diffstat 1 files changed, 14 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/stream/ngx_stream_ssl_preread_module.c
+++ b/src/stream/ngx_stream_ssl_preread_module.c
@@ -149,6 +149,14 @@ ngx_stream_ssl_preread_handler(ngx_strea
 
     while (last - p >= 5) {
 
+        if ((p[0] & 0x80) && p[2] == 1 && (p[3] == 0 || p[3] == 3)) {
+            ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
+                           "ssl preread: version 2 ClientHello");
+            ctx->version[0] = p[3];
+            ctx->version[1] = p[4];
+            return NGX_OK;
+        }
+
         if (p[0] != 0x16) {
             ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
                            "ssl preread: not a handshake");
@@ -507,8 +515,12 @@ ngx_stream_ssl_preread_protocol_variable
     ngx_str_null(&version);
 
     switch (ctx->version[0]) {
-    case 2:
-        ngx_str_set(&version, "SSLv2");
+    case 0:
+        switch (ctx->version[1]) {
+        case 2:
+            ngx_str_set(&version, "SSLv2");
+            break;
+        }
         break;
     case 3:
         switch (ctx->version[1]) {