diff options
| author | claudio <> | 2017-01-22 08:27:50 +0000 |
|---|---|---|
| committer | claudio <> | 2017-01-22 08:27:50 +0000 |
| commit | 0356ccc6b32439d6cef453be9bd3c4786baa75d3 (patch) | |
| tree | 84caecc1315b113a28e853ac2e07dfc33a6615b1 | |
| parent | d82a6fcd01f5e4e4b106a595743bb5081bf0221c (diff) | |
| download | openbsd-0356ccc6b32439d6cef453be9bd3c4786baa75d3.tar.gz openbsd-0356ccc6b32439d6cef453be9bd3c4786baa75d3.tar.bz2 openbsd-0356ccc6b32439d6cef453be9bd3c4786baa75d3.zip | |
Disable session cache and tickets by default.
OK beck@ jsing@
| -rw-r--r-- | src/lib/libtls/tls.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index 85ed883e8e..c028d19539 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls.c,v 1.57 2017/01/13 17:09:51 deraadt Exp $ */ | 1 | /* $OpenBSD: tls.c,v 1.58 2017/01/22 08:27:50 claudio Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -359,6 +359,10 @@ tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx) | |||
| 359 | X509_V_FLAG_NO_CHECK_TIME); | 359 | X509_V_FLAG_NO_CHECK_TIME); |
| 360 | } | 360 | } |
| 361 | 361 | ||
| 362 | /* Disable any form of session caching by default */ | ||
| 363 | SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF); | ||
| 364 | SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET); | ||
| 365 | |||
| 362 | return (0); | 366 | return (0); |
| 363 | 367 | ||
| 364 | err: | 368 | err: |