[PATCH] SSL: guard use of all SSL options for bug workarounds

Maxim Dounin mdounin at mdounin.ru
Mon Sep 8 17:22:14 UTC 2014


On Mon, Sep 08, 2014 at 01:01:02PM +0200, Richard Fussenegger, BSc wrote:

> Wouldn't it be better to drop support for ancient OpenSSL versions? It would
> be a great step for performance and security. Are there any good reasons to
> support old OpenSSL versions?

Dropping support doesn't changes anything for ones who uses modern 
versions of the OpenSSL library.  And will upset ones who, for 
some reason, have to use old versions.

The only benefit of dropping support for older OpenSSL versions is 
slightly lower code maintenance costs on nginx side.

Maxim Dounin

More information about the nginx-devel mailing list