Default to turning off OpenSSL SSL_OP_TLSEXT_PADDING as it breaks
compatibility with some sites. This change comes from 8.15 but is being backported to FreeBSD releases not yet using 8.15. MFC after: 3 days Noted by: julian@
parent
55b7ea0246
commit
8afab6ffc3
@ -124,6 +124,11 @@ readcf(cfname, safe, e)
|
||||
| SSL_OP_NO_TICKET
|
||||
#endif
|
||||
;
|
||||
# ifdef SSL_OP_TLSEXT_PADDING
|
||||
/* SSL_OP_TLSEXT_PADDING breaks compatibility with some sites */
|
||||
Srv_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
|
||||
Clt_SSL_Options &= ~SSL_OP_TLSEXT_PADDING;
|
||||
# endif /* SSL_OP_TLSEXT_PADDING */
|
||||
#endif /* STARTTLS */
|
||||
if (DontLockReadFiles)
|
||||
sff |= SFF_NOLOCK;
|
||||
@ -2405,6 +2410,9 @@ static struct ssl_options
|
||||
#endif
|
||||
#ifdef SSL_OP_CRYPTOPRO_TLSEXT_BUG
|
||||
{ "SSL_OP_CRYPTOPRO_TLSEXT_BUG", SSL_OP_CRYPTOPRO_TLSEXT_BUG },
|
||||
#endif
|
||||
#ifdef SSL_OP_TLSEXT_PADDING
|
||||
{ "SSL_OP_TLSEXT_PADDING", SSL_OP_TLSEXT_PADDING },
|
||||
#endif
|
||||
{ NULL, 0 }
|
||||
};
|
||||
|
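Review bot: The comment on the new `# ifdef SSL_OP_TLSEXT_PADDING` block in readcf() does not say that the two `&= ~SSL_OP_TLSEXT_PADDING` lines only change the built-in default, which is what someone auditing the TLS settings needs to know. The second hunk adds `"SSL_OP_TLSEXT_PADDING"` to the ssl_options name table, so the bit can presumably be set again by name from the configuration file; the code that parses those options is outside both hunks, so confirm it runs after this point. I would reword the comment to something like `/* default off: the ClientHello padding extension breaks handshakes with some peers; still selectable by name through ssl_options[] */`. In OpenSSL this option is a client-side interoperability workaround rather than a protection, so clearing it in `Srv_SSL_Options` is most likely a no-op kept for symmetry, and a short remark saying so would save the next reader from looking for a server-side effect. Both readcf() and the ssl_options table start and end outside the hunks shown.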