authorClaudio Jeker <claudio@cvs.openbsd.org>2017-01-22 08:27:51 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2017-01-22 08:27:51 +0000
commit0b291c7af172c50feaa7c669e3a49cb18750bf12 (patch)
tree488ea2bcf4cf94129deea676d786ee2aa11111bd
parent15dc6d0938826d99a66fc912e821a8ec5c52f7e6 (diff)
Disable session cache and tickets by default.
OK beck@ jsing@
-rw-r--r--lib/libtls/tls.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index 85ed883e8e9..c028d19539b 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.57 2017/01/13 17:09:51 deraadt Exp $ */
+/* $OpenBSD: tls.c,v 1.58 2017/01/22 08:27:50 claudio Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -359,6 +359,10 @@ tls_configure_ssl(struct tls *ctx, SSL_CTX *ssl_ctx)
X509_V_FLAG_NO_CHECK_TIME);
}
+ /* Disable any form of session caching by default */
+ SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF);
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_TICKET);
+
return (0);
err:
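Review bot: The added comment above `SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_OFF)` says "by default", but both new calls are unconditional in the visible lines and the hunk shows no setting that turns resumption back on, so a reader cannot tell whether this is an overridable default or fixed policy. It also gives no reason for the choice, which is what a maintainer needs to know before relaxing it. I would reword it to something like `/* No session cache or tickets: resumption reuses session secrets, and ticket keys must be rotated to keep forward secrecy. */` and, if an opt-in exists or is planned elsewhere, name it there. `tls_configure_ssl()` begins above this hunk and continues past the `err:` label, so any later code that changes these options is not visible here.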