mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-07 17:52:38 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

SSL: allowed renegotiation in client mode with OpenSSL < 1.1.0.

Browse Source 
In ac9b1df5b246 (1.13.0) we attempted to allow renegotiation in client mode,
but when using OpenSSL 1.0.2 or older versions it was additionally disabled
by SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.
This commit is contained in:
Sergey Kandaurov 2017-05-03 15:15:56 +03:00
parent 8449f750e6
commit 9961198879
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/event/ngx_event_openssl.c
View File

@ -1300,7 +1300,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
/* initial handshake done, disable renegotiation (CVE-2009-3555) */ /* initial handshake done, disable renegotiation (CVE-2009-3555) */
if (c->ssl->connection->s3) { if (c->ssl->connection->s3 && SSL_is_server(c->ssl->connection)) {
c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
} }