SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.

The flag was recently removed by BoringSSL.
author: Lukas Tribus <luky-37@hotmail.com> 2014-12-17 15:12:50 +0100
committer: Lukas Tribus <luky-37@hotmail.com> 2014-12-17 15:12:50 +0100
commit: cf9283113151fa4572bfdb639a0934b5a3a052bb (patch)
tree: 5cf16963ce79883f4f1273a1033bd94005e29860 /src
parent: 16f248ebbbbbe1682de4a0249889ec97e1d16461 (diff)
download: nginx-cf9283113151fa4572bfdb639a0934b5a3a052bb.tar.gz
nginx-cf9283113151fa4572bfdb639a0934b5a3a052bb.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 20f9eea66..d5d4a1ac9 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1146,11 +1146,15 @@ ngx_ssl_handshake(ngx_connection_t *c)
         c->recv_chain = ngx_ssl_recv_chain;
         c->send_chain = ngx_ssl_send_chain;
 
+#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+
         /* initial handshake done, disable renegotiation (CVE-2009-3555) */
         if (c->ssl->connection->s3) {
             c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
         }
 
+#endif
+
         return NGX_OK;
     }
author	Lukas Tribus <luky-37@hotmail.com>	2014-12-17 15:12:50 +0100
committer	Lukas Tribus <luky-37@hotmail.com>	2014-12-17 15:12:50 +0100
commit	cf9283113151fa4572bfdb639a0934b5a3a052bb (patch)
tree	5cf16963ce79883f4f1273a1033bd94005e29860 /src
parent	16f248ebbbbbe1682de4a0249889ec97e1d16461 (diff)
download	nginx-cf9283113151fa4572bfdb639a0934b5a3a052bb.tar.gz nginx-cf9283113151fa4572bfdb639a0934b5a3a052bb.zip