1
0
mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2024-12-04 14:46:30 -05:00

Fix: Disable TLSv1.2 renegotiation

It had already issues in the past and there occured again an
issue with it in OpenSSL recently (CVE-2021-3449).

Other projects like nginx and apache httpd disable renegotiation
too and I do not really see any benefit supporting it for Icecast,
as its uses seems rather obscure.
This commit is contained in:
Marvin Scholz 2021-05-08 17:06:01 +02:00
parent 355d7e976b
commit a238cf040a

View File

@ -91,6 +91,11 @@ tls_ctx_t *tls_ctx_new(const char *cert_file, const char *key_file, const char *
SSL_CTX_set_min_proto_version(ctx->ctx, TLS1_VERSION);
#endif
#ifdef SSL_OP_NO_RENEGOTIATION
// Disable TLSv1.2 renegotiation
ssl_opts |= SSL_OP_NO_RENEGOTIATION;
#endif
#ifdef SSL_OP_NO_COMPRESSION
ssl_opts |= SSL_OP_NO_COMPRESSION; // Never use compression
#endif