Disable TLS renegotiation.
Client initiated renegotiation is considered to be a potential attack vector against servers. Closes #1257. Thanks to Daniele Sluijters.
This commit is contained in:
parent
44d170053d
commit
b42bb99ba6
@ -20,6 +20,8 @@ Broker:
|
||||
writing. Closes #1290.
|
||||
- Fix persistent Websockets clients not receiving messages after they
|
||||
reconnect, having sent DISCONNECT on a previous session. Closes #1227.
|
||||
- Disable TLS renegotiation. Client initiated renegotiation is considered to
|
||||
be a potential attack vector against servers. Closes #1257.
|
||||
|
||||
Client library:
|
||||
- Fix typo causing build error on Windows when building without TLS support.
|
||||
|
@ -368,6 +368,10 @@ static int mosquitto__tls_server_ctx(struct mosquitto__listener *listener)
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef SSL_OP_NO_RENEGOTIATION
|
||||
SSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_RENEGOTIATION);
|
||||
#endif
|
||||
|
||||
snprintf(buf, 256, "mosquitto-%d", listener->port);
|
||||
SSL_CTX_set_session_id_context(listener->ssl_ctx, (unsigned char *)buf, strlen(buf));
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user