From: Roman Arutyunyan Date: Mon, 19 Dec 2016 11:02:39 +0000 (+0300) Subject: Stream ssl_preread: relaxed SSL version check. X-Git-Tag: release-1.11.8~15 X-Git-Url: http://git.kaiwu.me/postgresql/log/contrib/postgres_fdw/static/gitweb.js?a=commitdiff_plain;h=393636d79c836e360b14ca99f76996935ee02236;p=nginx.git Stream ssl_preread: relaxed SSL version check. SSL version 3.0 can be specified by the client at the record level for compatibility reasons. Previously, ssl_preread module rejected such connections, presuming they don't have SNI. Now SSL 3.0 is allowed at the record level. --- diff --git a/src/stream/ngx_stream_ssl_preread_module.c b/src/stream/ngx_stream_ssl_preread_module.c index e26c51891..2040b4fe8 100644 --- a/src/stream/ngx_stream_ssl_preread_module.c +++ b/src/stream/ngx_stream_ssl_preread_module.c @@ -142,7 +142,7 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s) return NGX_DECLINED; } - if (p[1] != 3 || p[2] == 0) { + if (p[1] != 3) { ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, "ssl preread: unsupported SSL version"); return NGX_DECLINED;