authorGlenn Strauss <gstrauss@gluelogic.com>2022-10-16 06:14:32 -0400
committerGlenn Strauss <gstrauss@gluelogic.com>2022-10-16 06:14:32 -0400
commita0df908a468184a06a936651210edad0d58aa771 (patch)
treedcafef7f394940c8e2c7f02c22a74a5d1af4706c /src/mod_mbedtls.c
parentec781984288d9bd1ed750a8133b65ab48a7ec768 (diff)
[mod_mbedtls] config renegotiation;not recommended
configuring renegotiation (not recommended)
Diffstat (limited to 'src/mod_mbedtls.c')
-rw-r--r--src/mod_mbedtls.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/src/mod_mbedtls.c b/src/mod_mbedtls.c
index 648c4e7c..7d6d94e6 100644
--- a/src/mod_mbedtls.c
+++ b/src/mod_mbedtls.c
@@ -2459,13 +2459,12 @@ CONNECTION_FUNC(mod_mbedtls_handle_con_accept)
/* (mbedtls_ssl_config *) is shared across multiple connections, which may
* overlap, and so renegotiation setting is not reset upon connection close.
* Once enabled, renegotiation will remain so for this mbedtls_ssl_config.
- * mbedtls defaults to disable client renegotiation
- * (MBEDTLS_LEGACY_SSL_RENEGOTIATION_DISABLED)
+ * mbedtls defaults to disable client renegotiation (unless secure)
* and it is recommended to leave it disabled (lighttpd mbedtls default) */
- #ifdef MBEDTLS_LEGACY_SSL_RENEGOTIATION_ENABLED
+ #ifdef MBEDTLS_SSL_RENEGOTIATION
if (!hctx->conf.ssl_disable_client_renegotiation)
- mbedtls_legacy_ssl_conf_renegotiation(hctx->ssl_ctx,
- MBEDTLS_LEGACY_SSL_RENEGOTIATION_ENABLED);
+ mbedtls_ssl_conf_legacy_renegotiation(hctx->ssl_ctx,
+ MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION);
#endif
return HANDLER_GO_ON;
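Review bot: The new call at the end of the hunk passes `MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION`, which in mbedtls relaxes the policy for peers that do not send the RFC 5746 renegotiation_info extension, so it permits the insecure form of renegotiation rather than only the secure one. As far as I recall the mbedtls API, this setting does not enable renegotiation on its own, because that is gated separately by `mbedtls_ssl_conf_renegotiation()` (disabled by default); the option may therefore either have no effect or allow more than the operator intended once renegotiation is enabled. If the intent is an opt-in to renegotiation, consider `mbedtls_ssl_conf_renegotiation(hctx->ssl_ctx, MBEDTLS_SSL_RENEGOTIATION_ENABLED);` and leave the legacy policy at `MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION`. The revised comment's "(unless secure)" would also read more clearly as `mbedtls defaults: renegotiation disabled; legacy (non-RFC 5746) renegotiation refused`. The body of mod_mbedtls_handle_con_accept starts outside the hunk, so any earlier configuration of hctx->ssl_ctx is not visible here.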