Mercurial > hg > nginx
changeset 6995:eb5d119323d8
SSL: allowed renegotiation in client mode with OpenSSL < 1.1.0.
In ac9b1df5b246 (1.13.0) we attempted to allow renegotiation in client mode,
but when using OpenSSL 1.0.2 or older versions it was additionally disabled
by SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 03 May 2017 15:15:56 +0300 |
parents | f38647c651a8 |
children | 72188d1bcab5 |
files | src/event/ngx_event_openssl.c |
diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) |
--- a/src/event/ngx_event_openssl.c Thu Apr 27 16:57:18 2017 +0300 +++ b/src/event/ngx_event_openssl.c Wed May 03 15:15:56 2017 +0300 @@ -1300,7 +1300,7 @@ #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS /* initial handshake done, disable renegotiation (CVE-2009-3555) */ - if (c->ssl->connection->s3) { + if (c->ssl->connection->s3 && SSL_is_server(c->ssl->connection)) { c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; }
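Review bot: the new `SSL_is_server()` call in the `if` condition is compiled whenever `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS` is defined, and that includes OpenSSL releases older than 1.0.2, where the library itself does not provide `SSL_is_server()`. This hunk does not show a fallback definition, so please confirm one is in scope for those builds. Separately, the comment above the condition still reads as if renegotiation were disabled unconditionally after the initial handshake; since the flag is now set only for server-side connections, consider rewording it to say "disable renegotiation in server mode (CVE-2009-3555)" so the client-mode exception is visible to the next reader.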