Default to turning off OpenSSL SSL_OP_TLSEXT_PADDING as it breaks
compatibility with some sites. This change comes from 8.15 but is being backported to FreeBSD releases not yet using 8.15. MFC after: 3 days Noted by: julian@
parent
cb5c792950
commit
0232255f90
@ -124,6 +124,11 @@ readcf(cfname, safe, e)
|
|||||||
| SSL_OP_NO_TICKET
|
| SSL_OP_NO_TICKET
|
||||||
#endif
|
#endif
|
||||||
;
|
;
|
||||||
|
# ifdef SSL_OP_TLSEXT_PADDING
|
||||||
|
/* SSL_OP_TLSEXT_PADDING breaks compatibility with some sites */
|
||||||
|
Srv_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
|
||||||
|
Clt_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
|
||||||
|
# endif /* SSL_OP_TLSEXT_PADDING */
|
||||||
#endif /* STARTTLS */
|
#endif /* STARTTLS */
|
||||||
if (DontLockReadFiles)
|
if (DontLockReadFiles)
|
||||||
sff |= SFF_NOLOCK;
|
sff |= SFF_NOLOCK;
|
||||||
@ -2405,6 +2410,9 @@ static struct ssl_options
|
|||||||
#endif
|
#endif
|
||||||
#ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG
|
#ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG
|
||||||
{ "SSL_OP_CRYPTOPRO_TLSEXT_BUG", SSL_OP_CRYPTOPRO_TLSEXT_BUG },
|
{ "SSL_OP_CRYPTOPRO_TLSEXT_BUG", SSL_OP_CRYPTOPRO_TLSEXT_BUG },
|
||||||
|
#endif
|
||||||
|
#ifdef SSL_OP_TLSEXT_PADDING
|
||||||
|
{ "SSL_OP_TLSEXT_PADDING", SSL_OP_TLSEXT_PADDING },
|
||||||
#endif
|
#endif
|
||||||
{ NULL, 0 }
|
{ NULL, 0 }
|
||||||
};
|
};
|
||||||
|
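Review bot: The comment added in the first hunk, `/* SSL_OP_TLSEXT_PADDING breaks compatibility with some sites */`, does not tell an operator that this is an interoperability default rather than a hardening measure, or that the bit can be turned back on. I would expand it to something like `/* TLS padding extension: cleared by default for interop with peers that reject it; can be re-enabled by name via the ssl_options table */`, since the second hunk adds the `"SSL_OP_TLSEXT_PADDING"` table entry that makes this possible. As far as I know the padding extension only shapes the ClientHello, so `Srv_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;` is probably a harmless no-op kept for symmetry, which is worth one more clause in the comment so nobody later reads it as a server-side fix. This assumes the two clears run before the configuration file's own SSL option settings are applied, which the visible lines do not show; both the readcf() body and the ssl_options table continue outside the hunks.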