From 29ea1273fef9c94d213eec53e027cd9aa70780e8 Mon Sep 17 00:00:00 2001 From: Piotr Sikora Date: Mon, 16 Sep 2013 14:24:38 -0700 Subject: SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING. This option had no effect since 0.9.7h / 0.9.8b and it was removed in recent OpenSSL. Signed-off-by: Piotr Sikora --- src/event/ngx_event_openssl.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index f2419e466..fedb604de 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -185,8 +185,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG); SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER); +#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */ SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING); +#endif SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); -- cgit