From 2fd0cbe1d34cb089044e11b51aaaedf8aab69a8f Mon Sep 17 00:00:00 2001
From: Fedor Brunner
Date: Wed, 29 Jan 2014 14:12:10 +0100
Subject: [PATCH] Disable TLS tickets (RFC 5077) in OpenSSL Context for XTLS. More on the effect of TLS tickets: https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf Fixes #7638
---
 src/common/jingle_xtls.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/common/jingle_xtls.py b/src/common/jingle_xtls.py
index 5af585903..a55140252 100644
--- a/src/common/jingle_xtls.py
+++ b/src/common/jingle_xtls.py
@@ -99,7 +99,8 @@ def get_context(fingerprint, verify_cb=None, remote_jid=None):
 constructs and returns the context objects
 """
 ctx = SSL.Context(SSL.SSLv23_METHOD)
- flags = (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_SINGLE_DH_USE)
+ flags = (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_SINGLE_DH_USE \
+ | SSL.OP_NO_TICKET)
 ctx.set_options(flags)
 ctx.set_cipher_list('HIGH:!aNULL:!3DES')
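Review bot: `SSL.OP_NO_TICKET` is referenced unconditionally in the new `flags` expression, so on a pyOpenSSL build that does not export that constant (older releases may not; worth confirming against the minimum version the project supports) `get_context` would raise AttributeError and XTLS setup would fail outright. If older bindings must be supported, resolve it explicitly, e.g. `no_ticket = getattr(SSL, 'OP_NO_TICKET', 0)`, and log a warning when it is 0 so that a context with tickets still enabled is visible rather than silent. This option only stops RFC 5077 tickets; session-ID resumption is governed by the context's session cache mode, which is not set in the lines shown, so if the aim is that no resumable session state outlives a connection, check how the rest of the function configures it. The trailing backslash is redundant inside the parentheses and can be dropped. `get_context` continues past the end of the hunk.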