summaryrefslogtreecommitdiffstats
path: root/src/openvpn/socket.c
diff options
context:
space:
mode:
authorJames Yonan <james@openvpn.net>2014-03-16 18:49:36 -0600
committerGert Doering <gert@greenie.muc.de>2014-03-17 19:42:08 +0100
commit25f4d4b49bff342fd9dd54cd22f14c9de49e9f8b (patch)
tree4204e2d352790135fd0b0fd09395db53064834af /src/openvpn/socket.c
parent4affd9c98636e6c83aad4f0e7859a29f66898b72 (diff)
downloadopenvpn-25f4d4b49bff342fd9dd54cd22f14c9de49e9f8b.tar.gz
openvpn-25f4d4b49bff342fd9dd54cd22f14c9de49e9f8b.tar.xz
openvpn-25f4d4b49bff342fd9dd54cd22f14c9de49e9f8b.zip
Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
OpenVPN doesn't want or need SSL session renegotiation or resumption, as it handles renegotiation on its own. For this reason, OpenVPN always disables the SSL session cache: SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF) However, even with the above code, stateless session resumption is still possible unless explicitly disabled with the SSL_OP_NO_TICKET flag. This patch does this. Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1395017376-24554-1-git-send-email-james@openvpn.net> URL: http://article.gmane.org/gmane.network.openvpn.devel/8346 Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/socket.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit (git 2.34.1) at 2024-05-18 03:34:02 +0000