comparison src/event/ngx_event_openssl.c @ 6995:eb5d119323d8
SSL: allowed renegotiation in client mode with OpenSSL < 1.1.0.
In ac9b1df5b246 (1.13.0) we attempted to allow renegotiation in client mode,
but when using OpenSSL 1.0.2 or older versions it was additionally disabled
by SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 03 May 2017 15:15:56 +0300 |
parents | 3518287d995e |
children | 07a49cce21ca |
6994:f38647c651a8 | 6995:eb5d119323d8 |
---|---|
1298 | 1298 |
1299 #if OPENSSL_VERSION_NUMBER < 0x10100000L | 1299 #if OPENSSL_VERSION_NUMBER < 0x10100000L |
1300 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS | 1300 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS |
1301 | 1301 |
1302 /* initial handshake done, disable renegotiation (CVE-2009-3555) */ | 1302 /* initial handshake done, disable renegotiation (CVE-2009-3555) */ |
1303 if (c->ssl->connection->s3) { | 1303 if (c->ssl->connection->s3 && SSL_is_server(c->ssl->connection)) { |
1304 c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; | 1304 c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; |
1305 } | 1305 } |
1306 | 1306 |
1307 #endif | 1307 #endif |
1308 #endif | 1308 #endif |
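Review bot: the comment on line 1302 ("initial handshake done, disable renegotiation (CVE-2009-3555)") no longer matches the condition on line 1303, which now sets SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS only when SSL_is_server() is true. Suggest rewording it to say that renegotiation is disabled for server-side connections only, so that a later reader does not assume client-mode connections are covered by this flag as well. Separately, the enclosing guard bounds the OpenSSL version only from above (OPENSSL_VERSION_NUMBER < 0x10100000L), so please confirm that SSL_is_server() is available in the oldest OpenSSL release this block still compiles against, or add a compatibility fallback.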