author | Joel Sing <jsing@cvs.openbsd.org> | 2017-03-30 15:41:05 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2017-03-30 15:41:05 +0000 |
commit | 9abb8e331d52ebf310253f77ced6a6d02a100601 (patch) | |
tree | e1fcbb27ec93266e08b646c05afde3d4755f3766 | |
parent | 198f4fa53cc87afe0bbd0d87e1df4a8458ee591b (diff) |
Disable client-initiated renegotiation.
ok gilles@ eric@ deraadt@
-rw-r--r-- | usr.sbin/smtpd/ssl.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/usr.sbin/smtpd/ssl.c b/usr.sbin/smtpd/ssl.c
index 882a23283a2..fb5901bdc46 100644
--- a/usr.sbin/smtpd/ssl.c
+++ b/usr.sbin/smtpd/ssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.c,v 1.87 2016/09/02 09:43:54 gilles Exp $ */
+/* $OpenBSD: ssl.c,v 1.88 2017/03/30 15:41:04 jsing Exp $ */
 /*
 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -267,6 +267,7 @@ ssl_ctx_create(const char *pkiname, char *cert, off_t cert_len, const char *ciph
 SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TICKET);
 SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+ SSL_CTX_set_options(ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);
 SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 if (ciphers == NULL) |
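Review bot: The added `SSL_CTX_set_options(ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);` in ssl_ctx_create has no comment recording why renegotiation is refused, and the commit message states only what was done. A short why-comment directly above it would keep the hardening from being removed in a later cleanup of these option calls, for example `/* SMTP has no use for peer-initiated renegotiation; refusing it stops a client forcing repeated handshakes on one connection. */`. As far as the flag's name and placement indicate, it only governs renegotiation requested by the remote client while this side acts as the TLS server, so it would be worth noting in the same comment whether contexts built here are also used for outgoing connections, which this hunk does not show. ssl_ctx_create begins and ends outside the hunk.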