Merge pull request #1718 from tgurr/sslrenegotiation

Disable SSL/TLS renegotiation
2025-07-20 16:48:46 +00:00 · 2025-07-07 17:20:37 +10:00
parent 72014ab2d7 76bf648f94
commit 0f721a17ae
1 changed files with 4 additions and 0 deletions
--- a/miniserv.pl
+++ b/miniserv.pl
@ -4769,6 +4769,10 @@ if ($config{'ssl_honorcipherorder'}) {
 		&Net::SSLeay::OP_CIPHER_SERVER_PREFERENCE)';
 	}

+# Disable TLS renegotiation when possible, OpenSSL >= 1.1.0h
+eval 'Net::SSLeay::CTX_set_options($ssl_ctx,
+        &Net::SSLeay::OP_NO_RENEGOTIATION)';
+
 return { 'keyfile' => $keyfile,
 	 'keytime' => $kst[9],
 	 'certfile' => $certfile,