
ustream-openssl: Disable renegotiation in TLSv1.2 and earlier

This fixes CVE-2011-1473 and CVE-2011-5094 by disabling renegotiation in
TLSv1.2 and earlier for the server context.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Martin Schiller 1 year ago
parent
commit
9217ab4653
1 changed file with 6 additions and 0 deletions

+ 6 - 0
ustream-openssl.c

@@ -157,6 +157,12 @@ __ustream_ssl_context_new(bool server)
 		SSL_CTX_set_options(c, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
 				       SSL_OP_NO_TLSv1_1);
 #endif
+#if defined(HAVE_WOLFSSL)
+		SSL_CTX_set_options(c, SSL_AD_NO_RENEGOTIATION);
+#else
+		SSL_CTX_set_options(c, SSL_OP_NO_RENEGOTIATION);
+#endif
+
 		SSL_CTX_set_cipher_list(c, server_cipher_list);
 	} else {
 		SSL_CTX_set_cipher_list(c, client_cipher_list);
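Review bot: the wolfSSL branch passes `SSL_AD_NO_RENEGOTIATION` to `SSL_CTX_set_options`, but `SSL_AD_*` constants are alert-description codes (the `no_renegotiation` alert), not `SSL_OP_*` option bits, so this sets whichever option bits happen to share that numeric value rather than disabling renegotiation; check wolfSSL's OpenSSL-compatibility header for an `SSL_OP_NO_RENEGOTIATION` definition, or use wolfSSL's native build-time control for renegotiation (it is only compiled in when secure renegotiation is enabled), and document which wolfSSL version was tested. In the `#else` branch, `SSL_OP_NO_RENEGOTIATION` only exists in newer OpenSSL releases, so wrapping the call in `#ifdef SSL_OP_NO_RENEGOTIATION` would avoid a build break on older libraries while keeping the intended hardening where the flag is available. The placement inside the server-only block matches the commit message, and TLS 1.3 is unaffected since it has no renegotiation, so the "TLSv1.2 and earlier" wording is accurate.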