Disable TLS renegotiation.
Client initiated renegotiation is considered to be a potential attack vector against servers. Closes #1257. Thanks to Daniele Sluijters.
parent 44d170053d
commit b42bb99ba6
@ -20,6 +20,8 @@ Broker:
|
|||||||
writing. Closes #1290.
|
writing. Closes #1290.
|
||||||
- Fix persistent Websockets clients not receiving messages after they
|
- Fix persistent Websockets clients not receiving messages after they
|
||||||
reconnect, having sent DISCONNECT on a previous session. Closes #1227.
|
reconnect, having sent DISCONNECT on a previous session. Closes #1227.
|
||||||
|
- Disable TLS renegotiation. Client initiated renegotiation is considered to
|
||||||
|
be a potential attack vector against servers. Closes #1257.
|
||||||
|
|
||||||
Client library:
|
Client library:
|
||||||
- Fix typo causing build error on Windows when building without TLS support.
|
- Fix typo causing build error on Windows when building without TLS support.
|
||||||
|
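Review bot: the added ChangeLog entry "Disable TLS renegotiation." states the change unconditionally, but the code hunk in mosquitto__tls_server_ctx only sets the option inside `#ifdef SSL_OP_NO_RENEGOTIATION`, so a broker built against an OpenSSL whose headers lack that macro still accepts renegotiation. Suggest qualifying the entry, for example "Disable TLS renegotiation where the TLS library supports SSL_OP_NO_RENEGOTIATION", so operators reading the release notes do not assume every build is covered. The commit message credits Daniele Sluijters; the ChangeLog entry could carry the same credit if that is the project's practice.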
@ -368,6 +368,10 @@ static int mosquitto__tls_server_ctx(struct mosquitto__listener *listener)
|
|||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef SSL_OP_NO_RENEGOTIATION
|
||||||
|
SSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_RENEGOTIATION);
|
||||||
|
#endif
|
||||||
|
|
||||||
snprintf(buf, 256, "mosquitto-%d", listener->port);
|
snprintf(buf, 256, "mosquitto-%d", listener->port);
|
||||||
SSL_CTX_set_session_id_context(listener->ssl_ctx, (unsigned char *)buf, strlen(buf));
|
SSL_CTX_set_session_id_context(listener->ssl_ctx, (unsigned char *)buf, strlen(buf));
|
||||||
|
|
||||||
|
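Review bot: the added `#ifdef SSL_OP_NO_RENEGOTIATION` block has no `#else` branch, so when the macro is undefined the listener is created with renegotiation still enabled and nothing records that fact. Suggest adding an `#else` that at least logs a warning at listener setup saying renegotiation could not be disabled with this TLS library, or documenting the minimum library version needed for the protection. A short comment above `SSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_RENEGOTIATION);` explaining that it addresses client-initiated renegotiation (#1257) would also help a later reader who finds the guard without the commit message.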