rpms / spice

Clone
Source Code
GIT

Blame SOURCES/0008-OpenSSL-1.1-disable-client-side-renegotiation.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s
  1.   71f8a68026e33053ae05b98d28fe43627000d108
  2.   SOURCES
  3.   0008-OpenSSL-1.1-disable-client-side-renegotiation.patch
Blob History Raw
71f8a6 
From ca5bbc5692e052159bce1a75f55dc60b36078749 Mon Sep 17 00:00:00 2001
71f8a6 
From: =?UTF-8?q?Julien=20Rop=C3=A9?= <jrope@redhat.com>
71f8a6 
Date: Wed, 2 Dec 2020 13:39:27 +0100
71f8a6 
Subject: [PATCH 1/2] With OpenSSL 1.1: Disable client-initiated renegotiation.
71f8a6 
MIME-Version: 1.0
71f8a6 
Content-Type: text/plain; charset=UTF-8
71f8a6 
Content-Transfer-Encoding: 8bit
71f8a6
71f8a6 
Fixes issue #49
71f8a6 
Fixes BZ#1904459
71f8a6
71f8a6 
Signed-off-by: Julien Ropé <jrope@redhat.com>
71f8a6 
Reported-by: BlackKD
71f8a6 
Acked-by: Frediano Ziglio <fziglio@redhat.com>
71f8a6 
---
71f8a6 
 server/reds.cpp | 4 ++++
71f8a6 
 1 file changed, 4 insertions(+)
71f8a6
71f8a6 
diff --git a/server/reds.cpp b/server/reds.cpp
71f8a6 
index fe69508e..f61086cb 100644
71f8a6 
--- a/server/reds.c
71f8a6 
+++ b/server/reds.c
71f8a6 
@@ -2862,6 +2862,10 @@ static int reds_init_ssl(RedsState *reds)
71f8a6 
      * When some other SSL/TLS version becomes obsolete, add it to this
71f8a6 
      * variable. */
71f8a6 
     long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1;
71f8a6 
+#ifdef SSL_OP_NO_RENEGOTIATION
71f8a6 
+    // With OpenSSL 1.1: Disable all renegotiation in TLSv1.2 and earlier
71f8a6 
+    ssl_options |= SSL_OP_NO_RENEGOTIATION;
71f8a6 
+#endif
71f8a6
71f8a6 
     /* Global system initialization*/
71f8a6 
     openssl_global_init();
71f8a6 
--
71f8a6 
2.29.2
71f8a6

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation