SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.

The flag was recently removed by BoringSSL.
2024-12-03 21:18:59 +08:00 · 2014-12-17 15:12:50 +01:00 · 2014-12-17 15:12:50 +01:00 · cf92831131
commit cf92831131
parent 16f248ebbb
1 changed files with 4 additions and 0 deletions
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@ -1146,11 +1146,15 @@ ngx_ssl_handshake(ngx_connection_t *c)
        c->recv_chain = ngx_ssl_recv_chain;
        c->send_chain = ngx_ssl_send_chain;

+#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+
        /* initial handshake done, disable renegotiation (CVE-2009-3555) */
        if (c->ssl->connection->s3) {
            c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
        }

+#endif
+
        return NGX_OK;
    }