Fijxu/nginx-quic
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.

Browse source 
The flag was recently removed by BoringSSL.
This commit is contained in:
Lukas Tribus 2014-12-17 15:12:50 +01:00
parent a64979ae9a
commit 1a90299683
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/event/ngx_event_openssl.c
View file

@ -1146,11 +1146,15 @@ ngx_ssl_handshake(ngx_connection_t *c)
c->recv_chain = ngx_ssl_recv_chain;
c->send_chain = ngx_ssl_send_chain;
#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
/* initial handshake done, disable renegotiation (CVE-2009-3555) */
if (c->ssl->connection->s3) {
c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
}
#endif
return NGX_OK;
}