| author | 2004-10-20 14:02:40 +0000 | |
|---|---|---|
| committer | 2004-10-20 14:02:40 +0000 | |
| commit | be7cd333f254b585931462027a1c07b652b17649 (patch) | |
| tree | 166679e4aa0d714f200b362458e107192cba463f /usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c | |
| parent | put newline at right place during attach (diff) | |
merge changes from mod_ssl 2.8.20, in particular a fix for CAN-2004-0885
Diffstat (limited to 'usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c')
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
index 8e7b7d94e57..69bc248f088 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_engine_init.c,v 1.23 2003/11/17 18:57:06 henning Exp $ */
+/* $OpenBSD: ssl_engine_init.c,v 1.24 2004/10/20 14:02:40 henning Exp $ */
 
 /* _ _
 ** _ __ ___ ___ __| | ___ ___| | mod_ssl
@@ -640,6 +640,14 @@ void ssl_init_ConfigureServer(server_rec *s, pool *p, SSLSrvConfigRec *sc)
 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
 
 /*
+ * Disallow a session from being resumed during a renegotiation,
+ * so that an acceptable cipher suite can be negotiated.
+ */
+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+#endif
+
+ /*
 * Configure callbacks for SSL context
 */
 nVerify = SSL_VERIFY_NONE; |
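Review bot: The `#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION` guard in the second hunk (new lines 646-648) compiles the option out without a trace when the OpenSSL headers do not define it, so such a build would carry the comment but not the protection the commit message attributes to the CAN-2004-0885 fix. An `#else` branch that makes this visible would help, for example `#warning "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION unavailable: sessions may be resumed on renegotiation"` if the supported compilers accept `#warning`, or a startup log line otherwise. The comment could also state the security reason, e.g. `* A resumed session keeps its original cipher, which would sidestep a stricter per-directory SSLCipherSuite.` — presumably the case the fix targets, to be confirmed against the mod_ssl 2.8.20 changelog. ssl_init_ConfigureServer starts and ends outside the hunk, and the diffstat is limited to this file, so whether the renegotiated cipher is also checked elsewhere is not visible here.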
