Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 5946:ee941e49bd88
SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.
The flag was recently removed by BoringSSL.
| author | Lukas Tribus <luky-37@hotmail.com> |
|---|---|
| date | Wed, 17 Dec 2014 15:12:50 +0100 |
| parents | 2c33ed82cde1 |
| children | c2f309fb7ad2 |
comparison
equal
deleted
inserted
replaced
| 5945:99751fe3bc3b | 5946:ee941e49bd88 |
|---|---|
| 1144 c->recv = ngx_ssl_recv; | 1144 c->recv = ngx_ssl_recv; |
| 1145 c->send = ngx_ssl_write; | 1145 c->send = ngx_ssl_write; |
| 1146 c->recv_chain = ngx_ssl_recv_chain; | 1146 c->recv_chain = ngx_ssl_recv_chain; |
| 1147 c->send_chain = ngx_ssl_send_chain; | 1147 c->send_chain = ngx_ssl_send_chain; |
| 1148 | 1148 |
| 1149 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS | |
| 1150 | |
| 1149 /* initial handshake done, disable renegotiation (CVE-2009-3555) */ | 1151 /* initial handshake done, disable renegotiation (CVE-2009-3555) */ |
| 1150 if (c->ssl->connection->s3) { | 1152 if (c->ssl->connection->s3) { |
| 1151 c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; | 1153 c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; |
| 1152 } | 1154 } |
| 1155 | |
| 1156 #endif | |
| 1153 | 1157 |
| 1154 return NGX_OK; | 1158 return NGX_OK; |
| 1155 } | 1159 } |
| 1156 | 1160 |
| 1157 sslerr = SSL_get_error(c->ssl->connection, n); | 1161 sslerr = SSL_get_error(c->ssl->connection, n); |