tls: enable renegotiation when using BoringSSL

PR-URL: #34832
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Shelley Vohr <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Rich Trott <[email protected]>

Author: nornagon

src/tls_wrap.cc

@@ -131,6 +131,12 @@ void TLSWrap::InitSSL() {
   // - https://wiki.openssl.org/index.php/TLS1.3#Non-application_data_records
   SSL_set_mode(ssl_.get(), SSL_MODE_AUTO_RETRY);
 
+#ifdef OPENSSL_IS_BORINGSSL
+  // OpenSSL allows renegotiation by default, but BoringSSL disables it.
+  // Configure BoringSSL to match OpenSSL's behavior.
+  SSL_set_renegotiate_mode(ssl_.get(), ssl_renegotiate_freely);
+#endif
+
   SSL_set_app_data(ssl_.get(), this);
   // Using InfoCallback isn't how we are supposed to check handshake progress:
   //   https://github.com/openssl/openssl/issues/7199#issuecomment-420915993