SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.
The flag was recently removed by BoringSSL.
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 20f9eea..d5d4a1a 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1146,11 +1146,15 @@
c->recv_chain = ngx_ssl_recv_chain;
c->send_chain = ngx_ssl_send_chain;
+#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+
/* initial handshake done, disable renegotiation (CVE-2009-3555) */
if (c->ssl->connection->s3) {
c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
}
+#endif
+
return NGX_OK;
}
