SERVER-57630 Support SSL_OP_NO_REGNEGOTIATION if it's available at runtime

author: Sara Golemon <sara.golemon@mongodb.com> 2021-06-29 18:33:13 +0000
committer: Evergreen Agent <no-reply@evergreen.mongodb.com> 2021-07-02 15:11:40 +0000
commit: 110a58f2ece4fd1efaa93ccf552883fef047a00b (patch)
tree: 134ba2bd070d34deec1bb66954b486d029db0824 /src/mongo/util/net/ssl_manager_openssl.cpp
parent: b587565b02c5a93bcf9097190d5b715b7f40ab0b (diff)
download: mongo-110a58f2ece4fd1efaa93ccf552883fef047a00b.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp
index 2965a8f9a66..2965c36f40a 100644
--- a/src/mongo/util/net/ssl_manager_openssl.cpp
+++ b/src/mongo/util/net/ssl_manager_openssl.cpp
@@ -2279,9 +2279,13 @@ Status SSLManagerOpenSSL::initSSLContext(SSL_CTX* context,
         }
     }
 
-#ifdef SSL_OP_NO_RENEGOTIATION
-    options |= SSL_OP_NO_RENEGOTIATION;
+#ifndef SSL_OP_NO_RENEGOTIATION
+#define SSL_OP_NO_RENEGOTIATION 0x40000000U
 #endif
+    if (OpenSSL_version_num() >= 0x10100080) {
+        /* SSL_OP_NO_RENEGOTIATION added in 1.1.0h (0x10100080) */
+        options |= SSL_OP_NO_RENEGOTIATION;
+    }
 
     ::SSL_CTX_set_options(context, options);
author	Sara Golemon <sara.golemon@mongodb.com>	2021-06-29 18:33:13 +0000
committer	Evergreen Agent <no-reply@evergreen.mongodb.com>	2021-07-02 15:11:40 +0000
commit	110a58f2ece4fd1efaa93ccf552883fef047a00b (patch)
tree	134ba2bd070d34deec1bb66954b486d029db0824 /src/mongo/util/net/ssl_manager_openssl.cpp
parent	b587565b02c5a93bcf9097190d5b715b7f40ab0b (diff)
download	mongo-110a58f2ece4fd1efaa93ccf552883fef047a00b.tar.gz