id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
463	Server: OpenSSL options for modern OpenSSL	Jeffrey Walton		"A number of the bug workarounds applied to the server can be forgone according to https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html. According the page, ""As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.""

From https://www.openssl.org/docs/crypto/OPENSSL_VERSION_NUMBER.html, I believe the version numbers of interest are 0x000908100 (0.9.8q), 0x000A00000 (1.0.0), 0x000A00010 (1.0.0a), and 0x000A00020 (1.0.0b).

{{{
#if (OPENSSL_VERSION_NUMBER <= 0x000908100) || (OPENSSL_VERSION_NUMBER == 0x001000000) || (OPENSSL_VERSION_NUMBER == 0x001000010) || (OPENSSL_VERSION_NUMBER == 0x001000020)
    SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);

    /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
    SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);

    SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
#endif
}}}"	defect	closed	minor		nginx-core	1.3.x	worksforme			"$ uname -a
Darwin riemann.home.pvt 12.5.0 Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64"	"$ objs/nginx -V
nginx version: nginx/1.4.4
configure arguments:"