summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAttila Molnar <attilamolnar@hush.com>2014-10-10 14:15:37 +0200
committerAttila Molnar <attilamolnar@hush.com>2014-10-10 14:15:37 +0200
commitb4dc9d871cd8c7817c6dff17c76b66e989712ffc (patch)
treebc89a275861c991aac3c353b4c21434969dd300c
parent9179e51e513587cddd4c4171f0ad74c8f5bf052e (diff)
m_ssl_openssl Disable session caching and session tickets
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 081b0153e..37d2a9cdf 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -128,14 +128,17 @@ class ModuleSSLOpenSSL : public Module
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, OnVerify);
SSL_CTX_set_verify(clictx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, OnVerify);
- const unsigned char session_id[] = "inspircd";
- SSL_CTX_set_session_id_context(ctx, session_id, sizeof(session_id) - 1);
+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+ SSL_CTX_set_session_cache_mode(clictx, SSL_SESS_CACHE_OFF);
long opts = SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE;
// Only turn options on if they exist
#ifdef SSL_OP_SINGLE_ECDH_USE
opts |= SSL_OP_SINGLE_ECDH_USE;
#endif
+#ifdef SSL_OP_NO_TICKET
+ opts |= SSL_OP_NO_TICKET;
+#endif
SSL_CTX_set_options(ctx, opts);
SSL_CTX_set_options(clictx, opts);