# HG changeset patch # User Maxim Dounin # Date 1551620942 -10800 # Node ID 3f1db95d758ab6b331065e99df47666bb1ed5e06 # Parent 8981dbb12254a667070be1151aaa2a982180d589 SSL: use of the SSL_OP_NO_CLIENT_RENEGOTIATION option. The SSL_OP_NO_CLIENT_RENEGOTIATION option was introduced in LibreSSL 2.5.1. Unlike OpenSSL's SSL_OP_NO_RENEGOTIATION, it only disables client-initiated renegotiation, and hence can be safely used on all SSL contexts. diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -368,6 +368,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_ANTI_REPLAY); #endif +#ifdef SSL_OP_NO_CLIENT_RENEGOTIATION + SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_CLIENT_RENEGOTIATION); +#endif + #ifdef SSL_MODE_RELEASE_BUFFERS SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS); #endif