Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.c @ 7474:3f1db95d758a
SSL: use of the SSL_OP_NO_CLIENT_RENEGOTIATION option.
The SSL_OP_NO_CLIENT_RENEGOTIATION option was introduced in LibreSSL 2.5.1.
Unlike OpenSSL's SSL_OP_NO_RENEGOTIATION, it only disables client-initiated
renegotiation, and hence can be safely used on all SSL contexts.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sun, 03 Mar 2019 16:49:02 +0300 |
parents | d430babbe643 |
children | b6dc8a12c07a |
comparison
equal
deleted
inserted
replaced
7473:8981dbb12254 | 7474:3f1db95d758a |
---|---|
364 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION); | 364 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION); |
365 #endif | 365 #endif |
366 | 366 |
367 #ifdef SSL_OP_NO_ANTI_REPLAY | 367 #ifdef SSL_OP_NO_ANTI_REPLAY |
368 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_ANTI_REPLAY); | 368 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_ANTI_REPLAY); |
369 #endif | |
370 | |
371 #ifdef SSL_OP_NO_CLIENT_RENEGOTIATION | |
372 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_CLIENT_RENEGOTIATION); | |
369 #endif | 373 #endif |
370 | 374 |
371 #ifdef SSL_MODE_RELEASE_BUFFERS | 375 #ifdef SSL_MODE_RELEASE_BUFFERS |
372 SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS); | 376 SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS); |
373 #endif | 377 #endif |