changeset 4632:0b994c048932

MBEDTLS_SSL_SESSION_TICKETS_DISABLED
author corvid
date Do, 07 Jul 2016 23:02:05 +0000
parents 7b560d2b5e4b
children ff7b186fdf93
files src/IO/tls.c
diffstat 1 files changed, 7 insertions(+), 0 deletions(-) [+]
--- a/src/IO/tls.c	Do Jul 07 15:27:55 2016 +0000
+++ b/src/IO/tls.c	Do Jul 07 23:02:05 2016 +0000
@@ -383,6 +383,13 @@
                                MBEDTLS_SSL_PRESET_DEFAULT);
    mbedtls_ssl_conf_cert_profile(&ssl_conf, &prof);
 
+   /*
+    * There are security concerns surrounding session tickets --
+    * wrecking forward security, for instance.
+    */
+   mbedtls_ssl_conf_session_tickets(&ssl_conf,
+                                    MBEDTLS_SSL_SESSION_TICKETS_DISABLED);
+
    Tls_remove_psk_ciphersuites();
 
    mbedtls_x509_crt_init(&cacerts);   /* trusted root certificates */
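Review bot: The added call to `mbedtls_ssl_conf_session_tickets()` is unguarded, and in mbed TLS 2.x that function is, as far as I know, only declared when the library is configured with `MBEDTLS_SSL_SESSION_TICKETS` (and the client module). A build against a library without ticket support would then fail here, even though such a library already behaves as desired. Wrapping the call in `#if defined(MBEDTLS_SSL_SESSION_TICKETS)` … `#endif` would keep both configurations building. The comment could also state the concern precisely, e.g. `/* Tickets carry session state encrypted under a server-side key that can outlive the session; if that key leaks, recorded sessions lose forward secrecy. */`. The enclosing function starts and ends outside this hunk, so whether other resumption settings are configured nearby cannot be checked from here.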