summaryrefslogtreecommitdiffstats
path: root/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c')
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
index 8e7b7d94e57..69bc248f088 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_engine_init.c,v 1.23 2003/11/17 18:57:06 henning Exp $ */
+/* $OpenBSD: ssl_engine_init.c,v 1.24 2004/10/20 14:02:40 henning Exp $ */
/* _ _
** _ __ ___ ___ __| | ___ ___| | mod_ssl
@@ -640,6 +640,14 @@ void ssl_init_ConfigureServer(server_rec *s, pool *p, SSLSrvConfigRec *sc)
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
/*
+ * Disallow a session from being resumed during a renegotiation,
+ * so that an acceptable cipher suite can be negotiated.
+ */
+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+#endif
+
+ /*
* Configure callbacks for SSL context
*/
nVerify = SSL_VERIFY_NONE;
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.