[nginx] Stream ssl_preread: relaxed SSL version check.
Roman Arutyunyan
arut at nginx.com
Mon Dec 19 11:11:40 UTC 2016
details: http://hg.nginx.org/nginx/rev/01adb18a5d23
branches:
changeset: 6849:01adb18a5d23
user: Roman Arutyunyan <arut at nginx.com>
date: Mon Dec 19 14:02:39 2016 +0300
description:
Stream ssl_preread: relaxed SSL version check.
SSL version 3.0 can be specified by the client at the record level for
compatibility reasons. Previously, ssl_preread module rejected such
connections, presuming they don't have SNI. Now SSL 3.0 is allowed at
the record level.
diffstat:
src/stream/ngx_stream_ssl_preread_module.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diffs (12 lines):
diff -r 53ea5694d1cc -r 01adb18a5d23 src/stream/ngx_stream_ssl_preread_module.c
--- a/src/stream/ngx_stream_ssl_preread_module.c Fri Dec 16 19:54:37 2016 +0300
+++ b/src/stream/ngx_stream_ssl_preread_module.c Mon Dec 19 14:02:39 2016 +0300
@@ -142,7 +142,7 @@ ngx_stream_ssl_preread_handler(ngx_strea
return NGX_DECLINED;
}
- if (p[1] != 3 || p[2] == 0) {
+ if (p[1] != 3) {
ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
"ssl preread: unsupported SSL version");
return NGX_DECLINED;
More information about the nginx-devel
mailing list