Mercurial > hg > nginx

changeset 6995:eb5d119323d8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: allowed renegotiation in client mode with OpenSSL < 1.1.0. In ac9b1df5b246 (1.13.0) we attempted to allow renegotiation in client mode, but when using OpenSSL 1.0.2 or older versions it was additionally disabled by SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 03 May 2017 15:15:56 +0300
parents f38647c651a8
children 72188d1bcab5
files src/event/ngx_event_openssl.c
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1300,7 +1300,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
 
         /* initial handshake done, disable renegotiation (CVE-2009-3555) */
-        if (c->ssl->connection->s3) {
+        if (c->ssl->connection->s3 && SSL_is_server(c->ssl->connection)) {
             c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
         }