Re: SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS

Piotr Sikora Wed, 17 Dec 2014 15:02:33 -0800

Hey Lukas,

>          /* initial handshake done, disable renegotiation (CVE-2009-3555) */
> +#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
>          if (c->ssl->connection->s3) {
>              c->ssl->connection->s3->flags |=
> SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
>          }
> +#endif


#ifdef should be above the comment.

I also think that this change needs a bit more work, since
renegotiation changes are all over the place in nginx. I've started
looking into this earlier this month, but got busy with other stuff.

Best regards,
Piotr Sikora

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS

Reply via email to