author | corvid <devnull@localhost> | 2016-07-07 23:02:05 +0000 |
---|---|---|
committer | corvid <devnull@localhost> | 2016-07-07 23:02:05 +0000 |
commit | 033686149a95ebc5ee1473a11b57d6bf93202f96 (patch) | |
tree | 75709da4f453273a2b834eaa99a0c4762aa11481 /src | |
parent | 205dedab8404014182e48e3af477c6fc7d41066c (diff) |
MBEDTLS_SSL_SESSION_TICKETS_DISABLED
Diffstat (limited to 'src')
-rw-r--r-- | src/IO/tls.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/IO/tls.c b/src/IO/tls.c
index 905abe26..c6b04b8f 100644
--- a/src/IO/tls.c
+++ b/src/IO/tls.c
@@ -383,6 +383,13 @@ void a_Tls_init(void)
 MBEDTLS_SSL_PRESET_DEFAULT);
 mbedtls_ssl_conf_cert_profile(&ssl_conf, &prof);
+ /*
+ * There are security concerns surrounding session tickets --
+ * wrecking forward security, for instance.
+ */
+ mbedtls_ssl_conf_session_tickets(&ssl_conf,
+ MBEDTLS_SSL_SESSION_TICKETS_DISABLED);
+ Tls_remove_psk_ciphersuites();
 mbedtls_x509_crt_init(&cacerts); /* trusted root certificates */ |
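Review bot: The added call to `mbedtls_ssl_conf_session_tickets()` in a_Tls_init is unguarded, but mbedTLS only declares that function when the library is built with `MBEDTLS_SSL_SESSION_TICKETS` (and client support), so a library configured without tickets would fail to build here. Wrapping the call in `#if defined(MBEDTLS_SSL_SESSION_TICKETS)` ... `#endif` keeps the hardening without making ticket support a build requirement. The comment would also serve the next reader better if it named the mechanism, for example `/* Tickets are encrypted under a long-lived server key; if that key leaks, recorded sessions that used them can be decrypted, defeating forward secrecy. */`. Session-ID resumption is a separate path that this setting does not affect, and whether the client uses it is not visible in this hunk. a_Tls_init's body starts and ends outside the hunk.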