author | James Yonan <james@openvpn.net> | 2014-03-16 18:49:36 -0600 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2014-03-17 19:42:08 +0100 |
commit | 25f4d4b49bff342fd9dd54cd22f14c9de49e9f8b (patch) | |
tree | 4204e2d352790135fd0b0fd09395db53064834af /src/openvpn/socket.c | |
parent | 4affd9c98636e6c83aad4f0e7859a29f66898b72 (diff) | |
Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

OpenVPN doesn't want or need SSL session renegotiation or
resumption, as it handles renegotiation on its own.

For this reason, OpenVPN always disables the SSL session cache:

    SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF)

However, even with the above code, stateless session resumption
is still possible unless explicitly disabled with the
SSL_OP_NO_TICKET flag. This patch does this.

Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1395017376-24554-1-git-send-email-james@openvpn.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8346
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/socket.c')
0 files changed, 0 insertions, 0 deletions
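
One way to confirm on the wire that the flag took effect, added here as an example and not part of the OpenVPN commit: under RFC 5077 (TLS 1.2 and earlier) a server that will issue a ticket echoes an empty SessionTicket extension (type 35) in its ServerHello, so a server with SSL_OP_NO_TICKET set should not. The function names and the sample record are constructed for illustration, and the parser assumes the ServerHello sits unfragmented at the start of a single record.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_SESSION_TICKET 35u   /* RFC 5077 SessionTicket extension type */
#define RD16(q) (((size_t)(q)[0] << 8) | (q)[1])

/* Returns 1 if a TLS <= 1.2 ServerHello record echoes the SessionTicket
 * extension (server will issue a ticket), 0 if not, -1 if malformed. */
int server_hello_offers_ticket(const uint8_t *p, size_t len)
{
    size_t off, end, rec_end;

    if (len < 9 || p[0] != 0x16 || p[5] != 0x02) return -1; /* handshake, ServerHello */
    rec_end = 5 + RD16(p + 3);                     /* end of the TLS record */
    end = 9 + ((size_t)p[6] << 16) + RD16(p + 7);  /* end of ServerHello body */
    if (rec_end > len || end > rec_end) return -1;
    off = 9 + 2 + 32;                              /* skip version + random */
    if (off >= end) return -1;
    off += 1 + p[off] + 2 + 1;         /* session_id, cipher suite, compression */
    if (off == end) return 0;                      /* no extensions block */
    if (off + 2 > end || off + 2 + RD16(p + off) != end) return -1;
    for (off += 2; off + 4 <= end; off += 4 + RD16(p + off + 2)) {
        if (off + 4 + RD16(p + off + 2) > end) return -1;  /* overlong extension */
        if (RD16(p + off) == EXT_SESSION_TICKET) return 1;
    }
    return off == end ? 0 : -1;
}

/* Constructed sample input: a minimal TLS 1.2 ServerHello record carrying
 * renegotiation_info and, if with_ticket, an empty SessionTicket extension. */
size_t build_sample(uint8_t *out, int with_ticket)
{
    static const uint8_t exts[] = { 0xff, 0x01, 0x00, 0x01, 0x00,  0x00, 0x23, 0x00, 0x00 };
    size_t ext = with_ticket ? 9 : 5, body = 40 + ext, n = 11;

    memcpy(out, "\x16\x03\x03\x00\x00\x02\x00\x00\x00\x03\x03", 11);
    out[4] = (uint8_t)(body + 4); out[8] = (uint8_t)body;   /* record, handshake length */
    memset(out + n, 0xAB, 32); n += 32;                     /* server random */
    memcpy(out + n, "\x00\xc0\x2f\x00\x00", 5); n += 5;     /* sid len, suite, comp, ext len hi */
    out[n++] = (uint8_t)ext; memcpy(out + n, exts, ext);    /* ext len lo, extensions */
    return n + ext;
}

int main(void)
{
    uint8_t buf[64];
    printf("ticket offered: %d\n", server_hello_offers_ticket(buf, build_sample(buf, 1)));
    return 0;
}
```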