Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5378:a73678f5f96f
SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.
This option had no effect since 0.9.7h / 0.9.8b and it was removed
in recent OpenSSL.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
author | Piotr Sikora <piotr@cloudflare.com> |
---|---|
date | Mon, 16 Sep 2013 14:24:38 -0700 |
parents | 6c35a1f428f2 |
children | cfbf1d1cc233 |
comparison
equal
deleted
inserted
replaced
5377:cec155f07c84 | 5378:a73678f5f96f |
---|---|
183 /* server side options */ | 183 /* server side options */ |
184 | 184 |
185 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG); | 185 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG); |
186 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER); | 186 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER); |
187 | 187 |
188 #ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING | |
188 /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */ | 189 /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */ |
189 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING); | 190 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING); |
191 #endif | |
190 | 192 |
191 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); | 193 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); |
192 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); | 194 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); |
193 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG); | 195 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG); |
194 | 196 |