Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 6dbb9a1b6a667326816da117a11a64d3f9694ede
commit6dbb9a1b6a667326816da117a11a64d3f9694ede[log] [tgz]
authorWilliam Lallemand <wlallemand@haproxy.com>Thu Jun 11 17:34:00 2020 +0200
committerWilliam Lallemand <wlallemand@haproxy.org>Fri Jun 12 16:38:24 2020 +0200
treefc563714e3c6488088e663c43e0a34e7ef6766fd
parente15ebc4cf7d5ee3609657af8bba1de3a1d43f8f9 [diff]
BUG/MINOR: ssl: fix ssl-{min,max}-ver with openssl < 1.1.0

In bug #676, it was reported that ssl-min-ver SSLv3 does not work in
Amazon environments with OpenSSL 1.0.2.

The reason for this is a patch of Amazon OpenSSL which sets
SSL_OP_NO_SSLv3 in SSL_CTX_new(). Which is kind of a problem with our
implementation of ssl-{min,max}-ver in old openSSL versions, because it
does not try to clear existing version flags.

This patch fixes the bug by cleaning versions flags known by HAProxy in
the SSL_CTX before applying the right ones.

Should be backported as far as 1.8.

(cherry picked from commit d0712f3873546a0c24f3204ad75dd7eacd689602)
[wla: context edit]
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
(cherry picked from commit 4356453a4300435a3fea6cbb5bf424e0b6540468)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
1 file changed
tree: fc563714e3c6488088e663c43e0a34e7ef6766fd
  1. .github/
  2. contrib/
  3. doc/
  4. ebtree/
  5. examples/
  6. include/
  7. reg-tests/
  8. scripts/
  9. src/
  10. tests/
  11. .cirrus.yml
  12. .gitignore
  13. .travis.yml
  14. BRANCHES
  15. CHANGELOG
  16. CONTRIBUTING
  17. INSTALL
  18. LICENSE
  19. MAINTAINERS
  20. Makefile
  21. README
  22. ROADMAP
  23. SUBVERS
  24. VERDATE
  25. VERSION