openssl-patch/nginx_openssl-1.1.x_renegot...

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 3a0e150d..f080b2d7 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -350,6 +350,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
     SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_3_VERSION);
 #endif
 
+#ifdef SSL_OP_NO_RENEGOTIATION
+    SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_RENEGOTIATION);
+#endif
+
 #ifdef SSL_OP_NO_COMPRESSION
     SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
 #endif
@@ -1294,9 +1298,6 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
     } else {
         SSL_set_accept_state(sc->connection);
 
-#ifdef SSL_OP_NO_RENEGOTIATION
-        SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION);
-#endif
     }
 
     if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
Revert "Not needed patch" This reverts commit 3709ac20f6e89edab496f546192ce59c33807c62. 2018-10-03 06:38:31 +00:00			`diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c`
			`index 3a0e150d..f080b2d7 100644`
			`--- a/src/event/ngx_event_openssl.c`
			`+++ b/src/event/ngx_event_openssl.c`
			`@@ -350,6 +350,10 @@ ngx_ssl_create(ngx_ssl_t ssl, ngx_uint_t protocols, void data)`
			`SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_3_VERSION);`
			`#endif`

			`+#ifdef SSL_OP_NO_RENEGOTIATION`
			`+ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_RENEGOTIATION);`
			`+#endif`
			`+`
			`#ifdef SSL_OP_NO_COMPRESSION`
			`SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);`
			`#endif`
			`@@ -1294,9 +1298,6 @@ ngx_ssl_create_connection(ngx_ssl_t ssl, ngx_connection_t c, ngx_uint_t flags)`
			`} else {`
			`SSL_set_accept_state(sc->connection);`

			`-#ifdef SSL_OP_NO_RENEGOTIATION`
			`- SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION);`
			`-#endif`
			`}`

			`if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {`