mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2024-06-23 06:25:24 +00:00

Fix: Disable TLSv1.2 renegotiation

It already had issues in the past and an issue with it occurred
again in OpenSSL recently (CVE-2021-3449).

Other projects like nginx and apache httpd disable renegotiation
too and I do not really see any benefit supporting it for Icecast,
as its uses seem rather obscure.
Marvin Scholz 2021-05-08 17:06:01 +02:00
parent 355d7e976b
commit a238cf040a

@ -91,6 +91,11 @@ tls_ctx_t *tls_ctx_new(const char *cert_file, const char *key_file, const char *
SSL_CTX_set_min_proto_version(ctx->ctx, TLS1_VERSION);
#endif
#ifdef SSL_OP_NO_RENEGOTIATION
// Disable TLSv1.2 renegotiation
ssl_opts |= SSL_OP_NO_RENEGOTIATION;
#endif
#ifdef SSL_OP_NO_COMPRESSION
ssl_opts |= SSL_OP_NO_COMPRESSION; // Never use compression
#endif
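
Review bot: The `#ifdef SSL_OP_NO_RENEGOTIATION` guard around the new `ssl_opts |= SSL_OP_NO_RENEGOTIATION;` line fails open: when the OpenSSL headers do not define the macro, the build succeeds and renegotiation stays enabled with no indication. Consider an `#else` branch that emits a build-time `#warning`, or a startup log message saying renegotiation could not be disabled, so operators can tell the fix is inactive on that build. The comment could also read "Disable renegotiation (TLSv1.2 and earlier)", since the context line above sets the minimum protocol to `TLS1_VERSION` and the option is not limited to TLSv1.2 connections.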