From baa9fcf820b5f17334932c45d98341620712abc1 Mon Sep 17 00:00:00 2001
From: Seva <seva@binarytrails.net>
Date: Thu, 22 Aug 2019 17:36:30 -0400
Subject: [PATCH] dhtproxy: disable renegotiation only if supported
---
 src/dht_proxy_server.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/dht_proxy_server.cpp b/src/dht_proxy_server.cpp
index e45e0a18..1f935716 100644
--- a/src/dht_proxy_server.cpp
+++ b/src/dht_proxy_server.cpp
@@ -230,7 +230,9 @@ DhtProxyServer::DhtProxyServer(
 if (ec)
 throw std::runtime_error("Error setting tls context options: " + ec.message());
 // add more security options
+#ifdef SSL_OP_NO_RENEGOTIATION
 SSL_CTX_set_options(tls_context.native_handle(), SSL_OP_NO_RENEGOTIATION); // CVE-2009-3555
+#endif
 // node private key
 auto pk = identity.first->serialize();
 pk_ = std::make_unique<asio::const_buffer>(static_cast<void*>(pk.data()), (std::size_t) pk.size());
--
GitLab
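Review bot: When `SSL_OP_NO_RENEGOTIATION` is not defined, the new `#ifdef` drops the renegotiation hardening without any trace, so a build against an older TLS library produces a proxy server that leaves renegotiation enabled while the `// CVE-2009-3555` comment still reads as if it were covered. Make the gap visible with an `#else` branch before the `#endif`, for example `#else` followed by `#pragma message("SSL_OP_NO_RENEGOTIATION unavailable: TLS renegotiation is not disabled")`. The comment should also name the minimum library version that provides the option; it presumably arrived in a later OpenSSL 1.1.0 release, so confirm which supported platforms fall into the unguarded branch. The DhtProxyServer constructor starts and ends outside this hunk.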