Disable client-initiated TLS renegotiation by default. - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	reyk <reyk@openbsd.org>	2017-02-02 08:24:16 +0000
committer	reyk <reyk@openbsd.org>	2017-02-02 08:24:16 +0000
commit	dbb03cc58285e1d9795f9841eaf19f5343c6fc01 (patch)
tree	aa3d1e99ce75ae5c76e2576ba53c2f255b2a2de6 /lib/libc/stdlib/malloc.c
parent	When dumping core, skip pages marked as unreadable instead of aborting (diff)
download	wireguard-openbsd-dbb03cc58285e1d9795f9841eaf19f5343c6fc01.tar.xz wireguard-openbsd-dbb03cc58285e1d9795f9841eaf19f5343c6fc01.zip

Disable client-initiated TLS renegotiation by default.

It is rarely needed and imposes a light DoS risk. LibreSSL's libssl allows to turn it off with a simple SSL_OP_NO_CLIENT_RENEGOTIATION option instead of the complicated implementation that was used before. It now turns it off completely instead of allowing one initial client-initiated renegotiation. It can still be enabled with "tls client-renegotiation". ok benno@ beck@ jsing@

Diffstat (limited to 'lib/libc/stdlib/malloc.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: