Google Git
Sign in
nginx/nginx/29ea1273fef9c94d213eec53e027cd9aa70780e8^!/.
commit
29ea1273fef9c94d213eec53e027cd9aa70780e8
[log]
author
Piotr Sikora <piotr@cloudflare.com>
Mon Sep 16 14:24:38 2013 -0700
committer
Piotr Sikora <piotr@cloudflare.com>
Mon Sep 16 14:24:38 2013 -0700
tree
89bc8a44c36ce86a03cb728aee5620f09de70cd0
parent
db1532944cef68f835917894b8e9fc569d1712b4 [diff]
SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.

This option had no effect since 0.9.7h / 0.9.8b and it was removed
in recent OpenSSL.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index f2419e4..fedb604 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c

@@ -185,8 +185,10 @@
     SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
     SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
 
+#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
     /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
     SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
+#endif
 
     SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
     SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);