Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 7474:3f1db95d758a
SSL: use of the SSL_OP_NO_CLIENT_RENEGOTIATION option.
The SSL_OP_NO_CLIENT_RENEGOTIATION option was introduced in LibreSSL 2.5.1.
Unlike OpenSSL's SSL_OP_NO_RENEGOTIATION, it only disables client-initiated
renegotiation, and hence can be safely used on all SSL contexts.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Sun, 03 Mar 2019 16:49:02 +0300 |
| parents | d430babbe643 |
| children | b6dc8a12c07a |
comparison
equal
deleted
inserted
replaced
| 7473:8981dbb12254 | 7474:3f1db95d758a |
|---|---|
| 364 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION); | 364 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION); |
| 365 #endif | 365 #endif |
| 366 | 366 |
| 367 #ifdef SSL_OP_NO_ANTI_REPLAY | 367 #ifdef SSL_OP_NO_ANTI_REPLAY |
| 368 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_ANTI_REPLAY); | 368 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_ANTI_REPLAY); |
| 369 #endif | |
| 370 | |
| 371 #ifdef SSL_OP_NO_CLIENT_RENEGOTIATION | |
| 372 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_CLIENT_RENEGOTIATION); | |
| 369 #endif | 373 #endif |
| 370 | 374 |
| 371 #ifdef SSL_MODE_RELEASE_BUFFERS | 375 #ifdef SSL_MODE_RELEASE_BUFFERS |
| 372 SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS); | 376 SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS); |
| 373 #endif | 377 #endif |