Commit 95a0cfac authored by Julien Ropé's avatar Julien Ropé Committed by Frediano Ziglio

With OpenSSL 1.0.2 and earlier: disable client-side renegotiation.

Fixed issue #49
Fixes BZ#1904459
Signed-off-by: Julien Ropé's avatarJulien Ropé <jrope@redhat.com>
Reported-by: BlackKD
Acked-by: Frediano Ziglio's avatarFrediano Ziglio <fziglio@redhat.com>
parent ca5bbc56
Pipeline #240067 passed with stage
in 14 minutes and 43 seconds
......@@ -523,6 +523,11 @@ RedStreamSslStatus red_stream_ssl_accept(RedStream *stream)
return RED_STREAM_SSL_STATUS_OK;
}
#ifndef SSL_OP_NO_RENEGOTIATION
// With OpenSSL 1.0.2 and earlier: disable client-side renogotiation
stream->priv->ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
#endif
ssl_error = SSL_get_error(stream->priv->ssl, return_code);
if (return_code == -1 && (ssl_error == SSL_ERROR_WANT_READ ||
ssl_error == SSL_ERROR_WANT_WRITE)) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment