openssl 1.1.1e 14095126:SSL routines:ssl3_read_n
itpp2012
nginx-forum at forum.nginx.org
Mon Mar 23 11:41:28 UTC 2020
It doesn't and there are a few more for which this doesn't work either, it
needs a lot more work and testing.
I had a new concept patch but today decided to roll back to 1.1.1d and back
port 1.1.1e (de) patches only.
Only NGX_ERROR mitigates a truncation attack, not NGX_DONE (which is open
for debate).
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,287377,287426#msg-287426
More information about the nginx
mailing list