
[nginx] SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.

Maxim Dounin
December 18, 2014 12:12PM
details: http://hg.nginx.org/nginx/rev/ee941e49bd88
branches:
changeset: 5946:ee941e49bd88
user: Lukas Tribus <luky-37@hotmail.com>
date: Wed Dec 17 15:12:50 2014 +0100
description:
SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.

The flag was recently removed by BoringSSL.

diffstat:

src/event/ngx_event_openssl.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)

diffs (19 lines):

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1146,11 +1146,15 @@ ngx_ssl_handshake(ngx_connection_t *c)
c->recv_chain = ngx_ssl_recv_chain;
c->send_chain = ngx_ssl_send_chain;

+#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+
/* initial handshake done, disable renegotiation (CVE-2009-3555) */
if (c->ssl->connection->s3) {
c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
}

+#endif
+
return NGX_OK;
}
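
Review bot: when SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS is undefined, the new #ifdef around the block in ngx_ssl_handshake() compiles out the whole "disable renegotiation (CVE-2009-3555)" step silently, and nothing in these lines says what protects such a build from renegotiation after the initial handshake. Please add a comment at the guard (or an #else branch carrying one) that states why skipping the flag is safe for libraries that no longer define it, so the mitigation is not lost unnoticed if another library drops the macro without providing an equivalent. The commit message would also benefit from one sentence on this, since "The flag was recently removed by BoringSSL" explains the build fix but not the security consequence.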


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel