Loading apps/s_server.c +0 −7 Original line number Diff line number Diff line Loading @@ -1058,7 +1058,6 @@ int MAIN(int argc, char *argv[]) EVP_PKEY *s_key = NULL, *s_dkey = NULL; int no_cache = 0, ext_cache = 0; int rev = 0, naccept = -1; int c_no_resumption_on_reneg = 0; #ifndef OPENSSL_NO_TLSEXT EVP_PKEY *s_key2 = NULL; X509 *s_cert2 = NULL; Loading Loading @@ -1183,10 +1182,6 @@ int MAIN(int argc, char *argv[]) c_auth = 1; } #endif else if (strcmp(*argv, "-no_resumption_on_reneg") == 0) { c_no_resumption_on_reneg = 1; } else if (strcmp(*argv,"-auth_require_reneg") == 0) { c_auth_require_reneg = 1; Loading Loading @@ -1963,8 +1958,6 @@ bad: } #endif if (c_no_resumption_on_reneg) SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain)) goto end; #ifndef OPENSSL_NO_TLSEXT Loading doc/ssl/SSL_CONF_cmd.pod +7 −0 Original line number Diff line number Diff line Loading @@ -133,6 +133,10 @@ Use server and not client preference order when determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers. =item B<-no_resumption_on_reneg> set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers. =item B<-legacyrenegotiation> permits the use of unsafe legacy renegotiation. Equivalent to setting Loading Loading @@ -292,6 +296,9 @@ determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers. B<NoResumptionOnRenegotiation> set B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers. B<UnsafeLegacyRenegotiation> permits the use of unsafe legacy renegotiation. Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>. Loading ssl/ssl_conf.c +2 −0 Original line number Diff line number Diff line Loading @@ -212,6 +212,7 @@ static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd) SSL_FLAG_TBL_SRV("serverpref", SSL_OP_CIPHER_SERVER_PREFERENCE), SSL_FLAG_TBL("legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), SSL_FLAG_TBL_SRV("legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT), SSL_FLAG_TBL_SRV("no_resumption_on_reneg", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION), SSL_FLAG_TBL_SRV_INV("no_legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT), SSL_FLAG_TBL_CERT("strict", SSL_CERT_FLAG_TLS_STRICT), #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL Loading Loading @@ -355,6 +356,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL("Bugs", SSL_OP_ALL), SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION), SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE), SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION), SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE), SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE), SSL_FLAG_TBL("UnsafeLegacyRenegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), Loading Loading
apps/s_server.c +0 −7 Original line number Diff line number Diff line Loading @@ -1058,7 +1058,6 @@ int MAIN(int argc, char *argv[]) EVP_PKEY *s_key = NULL, *s_dkey = NULL; int no_cache = 0, ext_cache = 0; int rev = 0, naccept = -1; int c_no_resumption_on_reneg = 0; #ifndef OPENSSL_NO_TLSEXT EVP_PKEY *s_key2 = NULL; X509 *s_cert2 = NULL; Loading Loading @@ -1183,10 +1182,6 @@ int MAIN(int argc, char *argv[]) c_auth = 1; } #endif else if (strcmp(*argv, "-no_resumption_on_reneg") == 0) { c_no_resumption_on_reneg = 1; } else if (strcmp(*argv,"-auth_require_reneg") == 0) { c_auth_require_reneg = 1; Loading Loading @@ -1963,8 +1958,6 @@ bad: } #endif if (c_no_resumption_on_reneg) SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION); if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain)) goto end; #ifndef OPENSSL_NO_TLSEXT Loading
doc/ssl/SSL_CONF_cmd.pod +7 −0 Original line number Diff line number Diff line Loading @@ -133,6 +133,10 @@ Use server and not client preference order when determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers. =item B<-no_resumption_on_reneg> set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers. =item B<-legacyrenegotiation> permits the use of unsafe legacy renegotiation. Equivalent to setting Loading Loading @@ -292,6 +296,9 @@ determining which cipher suite, signature algorithm or elliptic curve to use for an incoming connection. Equivalent to B<SSL_OP_CIPHER_SERVER_PREFERENCE>. Only used by servers. B<NoResumptionOnRenegotiation> set B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> flag. Only used by servers. B<UnsafeLegacyRenegotiation> permits the use of unsafe legacy renegotiation. Equivalent to B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>. Loading
ssl/ssl_conf.c +2 −0 Original line number Diff line number Diff line Loading @@ -212,6 +212,7 @@ static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd) SSL_FLAG_TBL_SRV("serverpref", SSL_OP_CIPHER_SERVER_PREFERENCE), SSL_FLAG_TBL("legacy_renegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), SSL_FLAG_TBL_SRV("legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT), SSL_FLAG_TBL_SRV("no_resumption_on_reneg", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION), SSL_FLAG_TBL_SRV_INV("no_legacy_server_connect", SSL_OP_LEGACY_SERVER_CONNECT), SSL_FLAG_TBL_CERT("strict", SSL_CERT_FLAG_TLS_STRICT), #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL Loading Loading @@ -355,6 +356,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL("Bugs", SSL_OP_ALL), SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION), SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE), SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION), SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE), SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE), SSL_FLAG_TBL("UnsafeLegacyRenegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), Loading
