From 033686149a95ebc5ee1473a11b57d6bf93202f96 Mon Sep 17 00:00:00 2001
From: corvid
Date: Thu, 7 Jul 2016 23:02:05 +0000
Subject: MBEDTLS_SSL_SESSION_TICKETS_DISABLED
---
 src/IO/tls.c | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'src/IO/tls.c')
diff --git a/src/IO/tls.c b/src/IO/tls.c
index 905abe26..c6b04b8f 100644
--- a/src/IO/tls.c
+++ b/src/IO/tls.c
@@ -383,6 +383,13 @@ void a_Tls_init(void)
 MBEDTLS_SSL_PRESET_DEFAULT);
 mbedtls_ssl_conf_cert_profile(&ssl_conf, &prof);
+ /*
+ * There are security concerns surrounding session tickets --
+ * wrecking forward security, for instance.
+ */
+ mbedtls_ssl_conf_session_tickets(&ssl_conf,
+ MBEDTLS_SSL_SESSION_TICKETS_DISABLED);
+
 Tls_remove_psk_ciphersuites();
 mbedtls_x509_crt_init(&cacerts); /* trusted root certificates */
-- cgit v1.2.3
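Review bot: The new call to `mbedtls_ssl_conf_session_tickets()` in a_Tls_init is unconditional, but as far as I know the mbedTLS 2.x headers declare that function only when the library is built with `MBEDTLS_SSL_SESSION_TICKETS` (and `MBEDTLS_SSL_CLI_C`), so a build against a library configured without ticket support would fail here. Wrapping the two added call lines in `#if defined(MBEDTLS_SSL_SESSION_TICKETS)` / `#endif` keeps the hardening without breaking such builds. The comment would also read better with the standard term and the actual reason, e.g. `/* Session tickets are encrypted under a long-lived server key, which undermines forward secrecy; disable ticket-based resumption. */`. It is worth adding that this call turns off only ticket resumption; whether session-ID resumption is in use is not visible from this hunk. a_Tls_init starts and ends outside the hunk.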