SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.

author Lukas Tribus <luky-37@hotmail.com>

Wed, 17 Dec 2014 14:12:50 +0000 (15:12 +0100)

committer Lukas Tribus <luky-37@hotmail.com>

Wed, 17 Dec 2014 14:12:50 +0000 (15:12 +0100)
author Lukas Tribus <luky-37@hotmail.com>
Wed, 17 Dec 2014 14:12:50 +0000 (15:12 +0100)
committer Lukas Tribus <luky-37@hotmail.com>
Wed, 17 Dec 2014 14:12:50 +0000 (15:12 +0100)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c

index 20f9eea660bb25ac3f023f92d4b056463e7db045..d5d4a1ac906bb2aafd9e62e05617df821aec27bb 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1146,11 +1146,15 @@ ngx_ssl_handshake(ngx_connection_t *c)
          c->recv_chain = ngx_ssl_recv_chain;
          c->send_chain = ngx_ssl_send_chain;
  
+#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+
          /* initial handshake done, disable renegotiation (CVE-2009-3555) */
          if (c->ssl->connection->s3) {
              c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
          }
  
+#endif
+
          return NGX_OK;
      }
author	Lukas Tribus <luky-37@hotmail.com>
	Wed, 17 Dec 2014 14:12:50 +0000 (15:12 +0100)
committer	Lukas Tribus <luky-37@hotmail.com>
	Wed, 17 Dec 2014 14:12:50 +0000 (15:12 +0100)