With OpenSSL 1.1: Disable client-initiated renegotiation.

Fixes issue #49
Fixes BZ#1904459

Signed-off-by: Julien Ropé <jrope@redhat.com>
Reported-by: BlackKD
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Julien Ropé 2020-12-02 13:39:27 +01:00 committed by Frediano Ziglio
parent 7da855b6f3
commit ca5bbc5692

@ -2753,6 +2753,10 @@ static int reds_init_ssl(RedsState *reds)
* When some other SSL/TLS version becomes obsolete, add it to this
* variable. */
long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1;
#ifdef SSL_OP_NO_RENEGOTIATION
// With OpenSSL 1.1: Disable all renegotiation in TLSv1.2 and earlier
ssl_options |= SSL_OP_NO_RENEGOTIATION;
#endif
/* Global system initialization*/
openssl_global_init();
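Review bot: The `#ifdef SSL_OP_NO_RENEGOTIATION` guard in reds_init_ssl() makes the fix silently disappear when the OpenSSL headers used for the build do not define that macro, so such a build still accepts renegotiation with no indication to the operator. Consider adding an `#else` branch that at least logs a warning at startup, or that documents which fallback applies to older libraries. Two smaller points: the commit title says "client-initiated renegotiation" while the added comment says "all renegotiation in TLSv1.2 and earlier", so the two descriptions should agree on the scope of the option; and the new comment uses `//` while the surrounding comments in this function use `/* ... */`.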