id: 463
summary: Server: OpenSSL options for modern OpenSSL
reporter: Jeffrey Walton
owner:
description:

A number of the bug workarounds applied to the server can be forgone according to https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html. According to the page, "As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect."

From https://www.openssl.org/docs/crypto/OPENSSL_VERSION_NUMBER.html, I believe the version numbers of interest are 0x000908100 (0.9.8q), 0x000A00000 (1.0.0), 0x000A00010 (1.0.0a), and 0x000A00020 (1.0.0b).

{{{
#if (OPENSSL_VERSION_NUMBER <= 0x000908100) \
    || (OPENSSL_VERSION_NUMBER == 0x001000000) \
    || (OPENSSL_VERSION_NUMBER == 0x001000010) \
    || (OPENSSL_VERSION_NUMBER == 0x001000020)

    SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);

    /* this option allows a potential SSL 2.0 rollback (CAN-2005-2969) */
    SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);

    SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);

#endif
}}}

type: defect
status: closed
priority: minor
milestone:
component: nginx-core
version: 1.3.x
resolution: worksforme
keywords:
cc:

uname:
$ uname -a
Darwin riemann.home.pvt 12.5.0 Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64

nginx_version:
$ objs/nginx -V
nginx version: nginx/1.4.4
configure arguments:
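
An added example, not part of the ticket or of nginx: a compile-time gate like the one proposed depends on how `OPENSSL_VERSION_NUMBER` packs a release into one integer, so this program builds the constant for a given release and tests it against the two thresholds the ticket quotes (0.9.8q and 1.0.0c). The helper names `ossl_version` and `predates_noop_releases` are hypothetical, and the listed releases are constructed sample input.

```c
#include <stdio.h>

/* OPENSSL_VERSION_NUMBER layout for the 0.9.8 and 1.0.x releases the
 * ticket discusses: 0xMNNFFPPS = major, minor, fix, patch letter
 * (a=1, b=2, ...), status nibble (0xf = release, 0 = dev, 1-e = beta). */
static unsigned long ossl_version(unsigned major, unsigned minor,
                                  unsigned fix, char letter)
{
    unsigned long patch = letter ? (unsigned long)(letter - 'a' + 1) : 0;

    return ((unsigned long)major << 28) | ((unsigned long)minor << 20) |
           ((unsigned long)fix << 12) | (patch << 4) | 0xfUL;
}

/* Hypothetical predicate: 1 if version v is older than both thresholds
 * quoted in the ticket (before 0.9.8q, or 1.0.0 up to 1.0.0b). */
static int predates_noop_releases(unsigned long v)
{
    const unsigned long mask = ~0xfUL;  /* ignore dev/beta/release status */
    unsigned long v098q = ossl_version(0, 9, 8, 'q') & mask;
    unsigned long v100  = ossl_version(1, 0, 0, 0) & mask;
    unsigned long v100c = ossl_version(1, 0, 0, 'c') & mask;

    v &= mask;
    return v < v098q || (v >= v100 && v < v100c);
}

int main(void)
{
    /* Constructed sample releases, not taken from the ticket. */
    static const struct { const char *name; unsigned M, N, F; char p; } rel[] = {
        { "0.9.8p", 0, 9, 8, 'p' }, { "0.9.8q", 0, 9, 8, 'q' },
        { "1.0.0b", 1, 0, 0, 'b' }, { "1.0.0c", 1, 0, 0, 'c' },
        { "1.0.1e", 1, 0, 1, 'e' },
    };
    for (size_t i = 0; i < sizeof rel / sizeof rel[0]; i++) {
        unsigned long v = ossl_version(rel[i].M, rel[i].N, rel[i].F, rel[i].p);
        printf("%-7s 0x%08lxL  %s\n", rel[i].name, v,
               predates_noop_releases(v) ? "before threshold"
                                         : "at or after threshold");
    }
    return 0;
}
```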