Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 6995:eb5d119323d8
SSL: allowed renegotiation in client mode with OpenSSL < 1.1.0.
In ac9b1df5b246 (1.13.0) we attempted to allow renegotiation in client mode,
but when using OpenSSL 1.0.2 or older versions it was additionally disabled
by SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 03 May 2017 15:15:56 +0300 |
| parents | 3518287d995e |
| children | 07a49cce21ca |
comparison
equal
deleted
inserted
replaced
| 6994:f38647c651a8 | 6995:eb5d119323d8 |
|---|---|
| 1298 | 1298 |
| 1299 #if OPENSSL_VERSION_NUMBER < 0x10100000L | 1299 #if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1300 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS | 1300 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS |
| 1301 | 1301 |
| 1302 /* initial handshake done, disable renegotiation (CVE-2009-3555) */ | 1302 /* initial handshake done, disable renegotiation (CVE-2009-3555) */ |
| 1303 if (c->ssl->connection->s3) { | 1303 if (c->ssl->connection->s3 && SSL_is_server(c->ssl->connection)) { |
| 1304 c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; | 1304 c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; |
| 1305 } | 1305 } |
| 1306 | 1306 |
| 1307 #endif | 1307 #endif |
| 1308 #endif | 1308 #endif |