Commit be3804cb authored by fedor.brunner

Disable session resumption, protection against Triple Handshakes TLS attack.

Session resumption is currently not supported in Gajim, because
Connection.get_session and Connection.set_session are not used. But in
case someone tries to use them in the future, disable the session cache
using Context.set_session_cache_mode(OpenSSL.SSL.SESS_CACHE_OFF).

Fixes #21
parent 359409a2
......@@ -387,6 +387,12 @@ class NonBlockingTLS(PlugIn):
tcpsock._sslContext.set_options(flags)
try: # Supported only pyOpenSSL >= 0.14
# Disable session resumption, protection against Triple Handshakes TLS attack
tcpsock._sslContext.set_session_cache_mode(OpenSSL.SSL.SESS_CACHE_OFF)
except AttributeError, e:
pass
# NonBlockingHTTPBOSH instance has no attribute _owner
if hasattr(tcpsock, '_owner') and tcpsock._owner._caller.client_cert \
and os.path.exists(tcpsock._owner._caller.client_cert):
......
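Review bot: the `except AttributeError, e:` branch ends in a bare `pass`, so on pyOpenSSL older than 0.14 the hardening is skipped silently and the connection proceeds with the session cache mode unchanged, with nothing recording that. Log a warning in that branch that names the pyOpenSSL >= 0.14 requirement instead of `pass`, so an unprotected install is visible in the logs. The `e` binding is unused; `except AttributeError:` is enough and is also valid syntax on Python 3.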