Google Git
Sign in
nginx/nginx/203bc448181ff1b696716fb09eeda5907385b9fc^!/.
commit
203bc448181ff1b696716fb09eeda5907385b9fc
[log]
author
Sergey Kandaurov <pluknet@nginx.com>
Tue Aug 10 23:43:17 2021 +0300
committer
Sergey Kandaurov <pluknet@nginx.com>
Tue Aug 10 23:43:17 2021 +0300
tree
547c8babaffa328c45a1229b1069c24e542703af
parent
5b0a50d46fac04f3d07e77a0060638e6dd1fe0da [diff]
SSL: removed use of the SSL_OP_MSIE_SSLV2_RSA_PADDING option.

It has no effect since OpenSSL 0.9.7h and 0.9.8a.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 3705f5e..c087884 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c

@@ -299,11 +299,6 @@
     SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
 #endif
 
-#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
-    /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
-    SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
-#endif
-
 #ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
     SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
 #endif