diff options
author | Todd Short <tshort@akamai.com> | 2017-05-10 16:46:14 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-06-06 22:39:41 +0100 |
commit | db0f35dda18403accabe98e7780f3dfc516f49de (patch) | |
tree | 68a7b32f8f99c5624e2d0bb1089f6bf34047f01f /ssl/ssl_conf.c | |
parent | 270d65fa34caa974fb27c9b161b0c9b6cd806c76 (diff) |
Fix #2400 Add NO_RENEGOTIATE option
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3432)
Diffstat (limited to 'ssl/ssl_conf.c')
-rw-r--r-- | ssl/ssl_conf.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 484bb61feb..41c7ff7d83 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -358,6 +358,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL("UnsafeLegacyRenegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC), + SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), }; if (value == NULL) return -3; @@ -573,6 +574,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("legacy_renegotiation", 0), SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_SERVER), + SSL_CONF_CMD_SWITCH("no_renegotiation", 0), SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("strict", 0), @@ -639,6 +641,8 @@ static const ssl_switch_tbl ssl_cmd_switches[] = { {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0}, /* legacy_server_connect */ {SSL_OP_LEGACY_SERVER_CONNECT, 0}, + /* no_renegotiation */ + {SSL_OP_NO_RENEGOTIATION, 0}, /* no_resumption_on_reneg */ {SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0}, /* no_legacy_server_connect */ |