Commit 7774ff10 authored by fedor.brunner

Disable TLS tickets (RFC 5077) in OpenSSL Context for XTLS.

More on the effect of TLS tickets:
https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf

Fixes #7638
parent 840154e8
......@@ -99,7 +99,8 @@ def get_context(fingerprint, verify_cb=None, remote_jid=None):
constructs and returns the context objects
"""
ctx = SSL.Context(SSL.SSLv23_METHOD)
flags = (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_SINGLE_DH_USE)
flags = (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_SINGLE_DH_USE \
| SSL.OP_NO_TICKET)
ctx.set_options(flags)
ctx.set_cipher_list('HIGH:!aNULL:!3DES')
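Review bot: The trailing backslash on the first new `flags` line is redundant, because the expression is already wrapped in parentheses and continues onto the `| SSL.OP_NO_TICKET)` line implicitly; drop it. The assignment would also benefit from a one-line comment saying that `SSL.OP_NO_TICKET` turns off RFC 5077 session tickets and why, so the rationale is visible in `get_context` and not only in the commit message.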
......