Skip to content

Commit

Permalink
tls: enable renegotiation when using BoringSSL
Browse files Browse the repository at this point in the history
PR-URL: #34832
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
  • Loading branch information
nornagon authored and BethGriggs committed Aug 24, 2020
1 parent cc72584 commit e90cb49
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/tls_wrap.cc
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,12 @@ void TLSWrap::InitSSL() {
// - https://wiki.openssl.org/index.php/TLS1.3#Non-application_data_records
SSL_set_mode(ssl_.get(), SSL_MODE_AUTO_RETRY);

#ifdef OPENSSL_IS_BORINGSSL
// OpenSSL allows renegotiation by default, but BoringSSL disables it.
// Configure BoringSSL to match OpenSSL's behavior.
SSL_set_renegotiate_mode(ssl_.get(), ssl_renegotiate_freely);
#endif

SSL_set_app_data(ssl_.get(), this);
// Using InfoCallback isn't how we are supposed to check handshake progress:
// https://github.com/openssl/openssl/issues/7199#issuecomment-420915993
Expand Down

0 comments on commit e90cb49

Please sign in to comment.