NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit9333174

committed

Fix regression in TLS session ticket disabling

Commit274bbce disabled session tickets for TLSv1.3 on top of thealready disabled TLSv1.2 session tickets, but accidentally causeda regression where TLSv1.2 session tickets were incorrectly sent.Fix by unconditionally disabling TLSv1.2 session tickets and onlydisable TLSv1.3 tickets when the right version of OpenSSL is used.Backpatch to all supported branches.Reported-by: Cameron Vogt <cvogt@automaticcontrols.net>Reported-by: Fire Emerald <fire.github@gmail.com>Reviewed-by: Jacob Champion <jacob.champion@enterprisedb.com>Discussion:https://postgr.es/m/DM6PR16MB3145CF62857226F350C710D1AB852@DM6PR16MB3145.namprd16.prod.outlook.comBackpatch-through: v12

1 parent283964e commit9333174Copy full SHA for 9333174

File tree

1 file changed

-2

lines changed

src/backend/libpq
- be-secure-openssl.c

1 file changed

-2

lines changed

`‎src/backend/libpq/be-secure-openssl.c`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -263,9 +263,8 @@ be_tls_init(bool isServerStart)`
`263`	`263`	`*/`
`264`	`264`	`#ifdefHAVE_SSL_CTX_SET_NUM_TICKETS`
`265`	`265`	`SSL_CTX_set_num_tickets(context,0);`
`266`		`-#else`
`267`		`-SSL_CTX_set_options(context,SSL_OP_NO_TICKET);`
`268`	`266`	`#endif`
	`267`	`+SSL_CTX_set_options(context,SSL_OP_NO_TICKET);`
`269`	`268`
`270`	`269`	`/* disallow SSL session caching, too */`
`271`	`270`	`SSL_CTX_set_session_cache_mode(context,SSL_SESS_CACHE_OFF);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit9333174

File tree

1 file changed

1 file changed

`‎src/backend/libpq/be-secure-openssl.c`

0 commit comments