Commit ca5bbc56 authored by Julien Ropé, committed by Frediano Ziglio

With OpenSSL 1.1: Disable client-initiated renegotiation.

Fixes issue #49
Fixes BZ#1904459
Signed-off-by: Julien Ropé <jrope@redhat.com>
Reported-by: BlackKD
Acked-by: Frediano Ziglio <fziglio@redhat.com>
parent 7da855b6
......@@ -2753,6 +2753,10 @@ static int reds_init_ssl(RedsState *reds)
* When some other SSL/TLS version becomes obsolete, add it to this
* variable. */
long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1;
#ifdef SSL_OP_NO_RENEGOTIATION
// With OpenSSL 1.1: Disable all renegotiation in TLSv1.2 and earlier
ssl_options |= SSL_OP_NO_RENEGOTIATION;
#endif
/* Global system initialization*/
openssl_global_init();
......
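Review bot: The `#ifdef SSL_OP_NO_RENEGOTIATION` guard in reds_init_ssl() has no `#else` branch, so a build against an OpenSSL that does not define the macro keeps renegotiation enabled and nothing at compile time or run time says so. Consider adding an `#else` that emits a build warning or a startup log line, so packagers can tell whether the mitigation is actually in the binary. The scope also needs aligning: the commit subject says "client-initiated renegotiation", while the added comment says the flag disables all renegotiation in TLSv1.2 and earlier; one of the two should be reworded to match the real behaviour. Minor style point: the new comment uses `//` where the surrounding code uses `/* */`.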