diff options
| author |   jsing <jsing@openbsd.org> | 2017-03-30 15:41:04 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2017-03-30 15:41:04 +0000 |
| commit | b60ef986f459ee48dbee5c69ce172ca5b8bcb69f (patch) | |
| tree | d62435fc5e8e007623a5a8a0e28e1c3e3f1c8603 | |
| parent | correct NBPFILTER #ifdef's (diff) | |
| download | wireguard-openbsd-b60ef986f459ee48dbee5c69ce172ca5b8bcb69f.tar.xz wireguard-openbsd-b60ef986f459ee48dbee5c69ce172ca5b8bcb69f.zip | |
Disable client-initiated renegotiation.
ok gilles@ eric@ deraadt@
| -rw-r--r-- | usr.sbin/smtpd/ssl.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/usr.sbin/smtpd/ssl.c b/usr.sbin/smtpd/ssl.c index 882a23283a2..fb5901bdc46 100644 --- a/usr.sbin/smtpd/ssl.c +++ b/usr.sbin/smtpd/ssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl.c,v 1.87 2016/09/02 09:43:54 gilles Exp $ */ +/* $OpenBSD: ssl.c,v 1.88 2017/03/30 15:41:04 jsing Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -267,6 +267,7 @@ ssl_ctx_create(const char *pkiname, char *cert, off_t cert_len, const char *ciph SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TICKET); SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); + SSL_CTX_set_options(ctx, SSL_OP_NO_CLIENT_RENEGOTIATION); SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); if (ciphers == NULL) |