Mercurial > hg > nginx
changeset 7474:3f1db95d758a
SSL: use of the SSL_OP_NO_CLIENT_RENEGOTIATION option.
The SSL_OP_NO_CLIENT_RENEGOTIATION option was introduced in LibreSSL 2.5.1.
Unlike OpenSSL's SSL_OP_NO_RENEGOTIATION, it only disables client-initiated
renegotiation, and hence can be safely used on all SSL contexts.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Sun, 03 Mar 2019 16:49:02 +0300 |
| parents | 8981dbb12254 |
| children | 49f9d2f7d887 |
| files | src/event/ngx_event_openssl.c |
| diffstat | 1 files changed, 4 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -368,6 +368,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_ANTI_REPLAY); #endif +#ifdef SSL_OP_NO_CLIENT_RENEGOTIATION + SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_CLIENT_RENEGOTIATION); +#endif + #ifdef SSL_MODE_RELEASE_BUFFERS SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS); #endif