Mercurial > hg > nginx
changeset 5946:ee941e49bd88
SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.
The flag was recently removed by BoringSSL.
author | Lukas Tribus <luky-37@hotmail.com> |
---|---|
date | Wed, 17 Dec 2014 15:12:50 +0100 |
parents | 99751fe3bc3b |
children | d9025ea1f5a5 |
files | src/event/ngx_event_openssl.c |
diffstat | 1 files changed, 4 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c Fri Dec 12 20:25:42 2014 +0300 +++ b/src/event/ngx_event_openssl.c Wed Dec 17 15:12:50 2014 +0100 @@ -1146,11 +1146,15 @@ c->recv_chain = ngx_ssl_recv_chain; c->send_chain = ngx_ssl_send_chain; +#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS + /* initial handshake done, disable renegotiation (CVE-2009-3555) */ if (c->ssl->connection->s3) { c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; } +#endif + return NGX_OK; }