mirror of
https://github.com/matrix-construct/construct
synced 2024-12-29 08:54:02 +01:00
openssl: Set some sort of session id context.
Without a session id context and if client certificates are used, OpenSSL fails the handshake if an attempt is made to reuse an old session. Various clients could not reconnect after a disconnection because of this. See https://bugzilla.mozilla.org/show_bug.cgi?id=858394#c34 for a bug report.
This commit is contained in:
parent
c8729b08fb
commit
fabc3174fe
1 changed files with 1 additions and 0 deletions
|
@ -314,6 +314,7 @@ rb_init_ssl(void)
|
|||
/* Disable SSLv2, make the client use our settings */
|
||||
SSL_CTX_set_options(ssl_server_ctx, SSL_OP_NO_SSLv2 | SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, verify_accept_all_cb);
|
||||
SSL_CTX_set_session_id_context(ssl_server_ctx, "libratbox", 9);
|
||||
|
||||
/* Set ECDHE on OpenSSL 1.00+, but make sure it's actually available because redhat are dicks
|
||||
and bastardise their OpenSSL for stupid reasons... */
|
||||
|
|
Loading…
Reference in a new issue