Commit 0808b04c4690354aab43e0cdfe49588abb942e8c - nginx

SSL: use of the SSL_OP_NO_CLIENT_RENEGOTIATION option. The SSL_OP_NO_CLIENT_RENEGOTIATION option was introduced in LibreSSL 2.5.1. Unlike OpenSSL's SSL_OP_NO_RENEGOTIATION, it only disables client-initiated renegotiation, and hence can be safely used on all SSL contexts. Maxim Dounin 3 years ago

1 changed file(s) with 4 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all

-0

src/event/ngx_event_openssl.c less more

365	365
366	366	#ifdef SSL_OP_NO_ANTI_REPLAY
367	367	SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_ANTI_REPLAY);
	368	#endif
	369
	370	#ifdef SSL_OP_NO_CLIENT_RENEGOTIATION
	371	SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);
368	372	#endif
369	373
370	374	#ifdef SSL_MODE_RELEASE_BUFFERS