From 2fd0cbe1d34cb089044e11b51aaaedf8aab69a8f Mon Sep 17 00:00:00 2001
From: Fedor Brunner <fedor.brunner@azet.sk>
Date: Wed, 29 Jan 2014 14:12:10 +0100
Subject: [PATCH] Disable TLS tickets (RFC 5077) in OpenSSL Context for XTLS.

More on the effect of TLS tickets:
https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf

Fixes #7638
---
 src/common/jingle_xtls.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/common/jingle_xtls.py b/src/common/jingle_xtls.py
index 5af585903c..a551402528 100644
--- a/src/common/jingle_xtls.py
+++ b/src/common/jingle_xtls.py
@@ -99,7 +99,8 @@ def get_context(fingerprint, verify_cb=None, remote_jid=None):
     constructs and returns the context objects
     """
     ctx = SSL.Context(SSL.SSLv23_METHOD)
-    flags = (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_SINGLE_DH_USE)
+    flags = (SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_SINGLE_DH_USE \
+             | SSL.OP_NO_TICKET)
     ctx.set_options(flags)
     ctx.set_cipher_list('HIGH:!aNULL:!3DES')
 
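Review bot: In the new `flags` assignment, `SSL.OP_NO_TICKET` only turns off RFC 5077 ticket resumption; session-ID resumption through OpenSSL's session cache is controlled separately and this hunk leaves it untouched. If the aim is that no resumable session state outlives a connection, consider also calling `ctx.set_session_cache_mode(SSL.SESS_CACHE_OFF)` after `ctx.set_options(flags)`, guarded for pyOpenSSL versions that lack it. Whether this context is ever used on the accepting side is not visible here, since the body of `get_context` continues outside the hunk. A short why-comment above the assignment would help the next reader, for example `# No session tickets: a long-lived ticket key undermines forward secrecy`. The trailing `\` is also redundant inside the parentheses and can be dropped.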
-- 
GitLab