An active man-in-the-middle attacker can force a rollback to the SSL 2.0 protocol, with its known cryptographic weakness, for both client and server if the SSL_OP_MSIE_SSLV2_RSA_PADDING (or SSL_OP_ALL) configuration option is enabled.
vulners.com/securityvulns/securityvulns:doc:9901
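To find code that enables the affected options, the following added example (not part of the advisory or of OpenSSL) scans C source for `SSL_CTX_set_options` / `SSL_set_options` calls and reports each context or connection that sets `SSL_OP_MSIE_SSLV2_RSA_PADDING` or `SSL_OP_ALL`. It assumes that also setting `SSL_OP_NO_SSLv2` removes the rollback target; the `audit` function and the sample source are constructed for illustration.

```python
import re

# Option names as written in the advisory above.
RISKY = {"SSL_OP_MSIE_SSLV2_RSA_PADDING", "SSL_OP_ALL"}
# Assumption of this example: SSL_OP_NO_SSLv2 (a real OpenSSL option that
# disables SSL 2.0) is counted as removing the rollback target.
NO_SSLV2 = "SSL_OP_NO_SSLv2"

COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
CALL = re.compile(r"\bSSL(?:_CTX)?_set_options\s*\(([^;]*)\)\s*;")
OPTION = re.compile(r"\bSSL_OP_\w+")

def audit(source):
    """Return (line, target, risky_options, exposed) per context or connection."""
    # Blank out comments but keep their newlines so line numbers stay right.
    code = COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), source)
    seen = {}  # target expression -> [line of first call, options set so far]
    for m in CALL.finditer(code):
        target, _, mask = m.group(1).partition(",")
        line = code.count("\n", 0, m.start()) + 1
        entry = seen.setdefault(target.strip(), [line, set()])
        entry[1].update(OPTION.findall(mask))  # options accumulate across calls
    findings = []
    for target, (line, opts) in seen.items():
        risky = sorted(opts & RISKY)
        if risky:
            # exposed: a risky option is on and SSL 2.0 was never turned off
            findings.append((line, target, risky, NO_SSLV2 not in opts))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE = """\
SSL_CTX_set_options(a, SSL_OP_ALL);  /* SSL 2.0 stays negotiable */
SSL_CTX_set_options(b, SSL_OP_ALL);
SSL_CTX_set_options(b, SSL_OP_NO_SSLv2);
// SSL_CTX_set_options(c, SSL_OP_MSIE_SSLV2_RSA_PADDING);
SSL_CTX_set_options(d, SSL_OP_NO_SSLv2 | SSL_OP_MSIE_SSLV2_RSA_PADDING);
SSL_set_options(ssl, SSL_OP_MSIE_SSLV2_RSA_PADDING |
                     SSL_OP_SINGLE_DH_USE);
"""

if __name__ == "__main__":
    for line, target, risky, exposed in audit(SAMPLE):
        state = "EXPOSED" if exposed else "SSL 2.0 disabled"
        print(f"line {line}: {target}: {', '.join(risky)} ({state})")
```

The scan is textual, so option masks built through variables or macros are not followed and need manual review.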