37 lines
1.1 KiB
Diff
37 lines
1.1 KiB
Diff
From ca5bbc5692e052159bce1a75f55dc60b36078749 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Julien=20Rop=C3=A9?= <jrope@redhat.com>
|
|
Date: Wed, 2 Dec 2020 13:39:27 +0100
|
|
Subject: [PATCH 1/2] With OpenSSL 1.1: Disable client-initiated renegotiation.
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Fixes issue #49
|
|
Fixes BZ#1904459
|
|
|
|
Signed-off-by: Julien Ropé <jrope@redhat.com>
|
|
Reported-by: BlackKD
|
|
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
---
|
|
server/reds.cpp | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/server/reds.cpp b/server/reds.cpp
|
|
index fe69508e..f61086cb 100644
|
|
--- a/server/reds.c
|
|
+++ b/server/reds.c
|
|
@@ -2862,6 +2862,10 @@ static int reds_init_ssl(RedsState *reds)
|
|
* When some other SSL/TLS version becomes obsolete, add it to this
|
|
* variable. */
|
|
long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1;
|
|
+#ifdef SSL_OP_NO_RENEGOTIATION
|
|
+ // With OpenSSL 1.1: Disable all renegotiation in TLSv1.2 and earlier
|
|
+ ssl_options |= SSL_OP_NO_RENEGOTIATION;
|
|
+#endif
|
|
|
|
/* Global system initialization*/
|
|
openssl_global_init();
|
|
--
|
|
2.29.2
|
|
|