tyler.durden/icinga2
1
0
Fork 0
mirror of https://github.com/Icinga/icinga2.git synced 2025-09-23 17:57:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Disable TLS renegotiation if supported

Browse Source 
The API doesn't need it and a customer's security scanner
is afraid of a potential DoS attack vector.
This commit is contained in:
Alexander A. Klimov 2023-11-24 16:37:04 +01:00
parent 2d167ccd28
commit f95c4d302a
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/base/tlsutility.cpp
View File

@ -91,6 +91,10 @@ static void InitSslContext(const Shared<boost::asio::ssl::context>::Ptr& context
flags |= SSL_OP_CIPHER_SERVER_PREFERENCE;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
flags |= SSL_OP_NO_RENEGOTIATION;
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
SSL_CTX_set_options(sslContext, flags);
SSL_CTX_set_mode(sslContext, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);