SSL: removed use of the SSL_OP_MSIE_SSLV2_RSA_PADDING option. It has no effect since OpenSSL 0.9.7h and 0.9.8a.

commit: 203bc448181ff1b696716fb09eeda5907385b9fc [log] [tgz]
author: Sergey Kandaurov <pluknet@nginx.com> Tue Aug 10 23:43:17 2021 +0300
committer: Sergey Kandaurov <pluknet@nginx.com> Tue Aug 10 23:43:17 2021 +0300
tree: 547c8babaffa328c45a1229b1069c24e542703af
parent: 5b0a50d46fac04f3d07e77a0060638e6dd1fe0da [diff]
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 3705f5e..c087884 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c

@@ -299,11 +299,6 @@
     SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
 #endif
 
-#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
-    /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
-    SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
-#endif
-
 #ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG
     SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
 #endif
commit	203bc448181ff1b696716fb09eeda5907385b9fc	[log] [tgz]
author	Sergey Kandaurov <pluknet@nginx.com>	Tue Aug 10 23:43:17 2021 +0300
committer	Sergey Kandaurov <pluknet@nginx.com>	Tue Aug 10 23:43:17 2021 +0300
tree	547c8babaffa328c45a1229b1069c24e542703af
parent	5b0a50d46fac04f3d07e77a0060638e6dd1fe0da [diff]