copyleftie
/
gajim-plural
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Disable TLS tickets (RFC 5077) in OpenSSL Context for XTLS. 

More on the effect of TLS tickets:
https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf

Fixes #7638
This commit is contained in:
Fedor Brunner 2014-01-29 14:12:10 +01:00
parent 3b629a52d2
commit 2fd0cbe1d3
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/common/jingle_xtls.py
View File

@ -99,7 +99,8 @@ def get_context(fingerprint, verify_cb=None, remote_jid=None):
constructs and returns the context objects constructs and returns the context objects
""" """
ctx = SSL.Context(SSL.SSLv23_METHOD) ctx = SSL.Context(SSL.SSLv23_METHOD)
flags = (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_SINGLE_DH_USE) flags = (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_SINGLE_DH_USE \
| SSL.OP_NO_TICKET)
ctx.set_options(flags) ctx.set_options(flags)
ctx.set_cipher_list('HIGH:!aNULL:!3DES') ctx.set_cipher_list('HIGH:!aNULL:!3DES')