mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-12-11 09:49:02 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.

Browse Source 
The flag was recently removed by BoringSSL.
This commit is contained in:
Lukas Tribus 2014-12-17 15:12:50 +01:00
parent 16f248ebbb
commit cf92831131
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/event/ngx_event_openssl.c
View File

@ -1146,11 +1146,15 @@ ngx_ssl_handshake(ngx_connection_t *c)
c->recv_chain = ngx_ssl_recv_chain; c->recv_chain = ngx_ssl_recv_chain;
c->send_chain = ngx_ssl_send_chain; c->send_chain = ngx_ssl_send_chain;
#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
/* initial handshake done, disable renegotiation (CVE-2009-3555) */ /* initial handshake done, disable renegotiation (CVE-2009-3555) */
if (c->ssl->connection->s3) { if (c->ssl->connection->s3) {
c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
} }
#endif
return NGX_OK; return NGX_OK;
} }