SSLv3 protocol with LibreSSL
Kuramoto Eiji
ek at kuramoto.org
Tue Feb 17 14:25:42 UTC 2015
# HG changeset patch
# User Kuramoto Eiji <ek at kuramoto.org>
# Date 1424182447 -32400
# Node ID 2f0279e2d15aa7fd4c8300a99fa323513deaf1ab
# Parent f3f25ad09deee27485050a75732e5f46ab1b18b3
The SSLv3 protocol is not available with LibreSSL,
even if the SSLv3 option is supplied in the config.
LibreSSL 2.1.2/2.1.3 disables SSLv3 by default.
diff -r f3f25ad09dee -r 2f0279e2d15a src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Wed Feb 11 20:18:55 2015 +0300
+++ b/src/event/ngx_event_openssl.c Tue Feb 17 23:14:07 2015 +0900
@@ -252,9 +252,17 @@
if (!(protocols & NGX_SSL_SSLv2)) {
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
}
+ifdef LIBRESSL_VERSION_NUMBER
+ if (!(protocols & NGX_SSL_SSLv3)) {
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
+ } else {
+ SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_SSLv3);
+ }
+#else
if (!(protocols & NGX_SSL_SSLv3)) {
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
}
+#endif
if (!(protocols & NGX_SSL_TLSv1)) {
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
}
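Review bot: The LibreSSL arm calls `SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_SSLv3)` whenever `NGX_SSL_SSLv3` is set in `protocols`, which undoes LibreSSL's default of keeping SSLv3 off; if the default protocol mask includes SSLv3 (not visible in this hunk), servers that never asked for SSLv3 would start offering it again. SSLv3 is affected by POODLE, so the re-enable should follow only from an explicit setting and carry a comment such as `/* LibreSSL sets SSL_OP_NO_SSLv3 by default; clear it only when ssl_protocols explicitly lists SSLv3 */`. The first added line reads `ifdef LIBRESSL_VERSION_NUMBER` without the leading `#` as shown here, which may be an archive artifact but would not compile as written. The `if (!(protocols & NGX_SSL_SSLv3))` test is duplicated in both preprocessor arms; keeping it once and guarding only the `else` arm with the `#ifdef` would be shorter. The enclosing function starts and ends outside the hunk.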
- Kuramoto Eiji