Disable all TLS session tickets
OpenSSL supports two types of session tickets for TLSv1.3, stateless and stateful. The option we've used only turns off stateless tickets leaving stateful tickets active. Use the new API introduced in 1.1.1 to disable all types of tickets. Backpatch to all supported versions. Reviewed-by: Heikki Linnakangas <hlinnaka@iki.fi> Reported-by: Andres Freund <andres@anarazel.de> Discussion: https://postgr.es/m/20240617173803.6alnafnxpiqvlh3g@awork3.anarazel.de Backpatch-through: v12
This commit is contained in:
Daniel Gustafsson
parent
8a1a4087bd
commit
3df7f44a8c
5 changed files with 23 additions and 6 deletions
|
|
@ -1358,7 +1358,7 @@ if test "$with_ssl" = openssl ; then
|
|||
# function was removed.
|
||||
AC_CHECK_FUNCS([CRYPTO_lock])
|
||||
# Function introduced in OpenSSL 1.1.1.
|
||||
AC_CHECK_FUNCS([X509_get_signature_info])
|
||||
AC_CHECK_FUNCS([X509_get_signature_info SSL_CTX_set_num_tickets])
|
||||
AC_DEFINE([USE_OPENSSL], 1, [Define to 1 to build with OpenSSL support. (--with-ssl=openssl)])
|
||||
elif test "$with_ssl" != no ; then
|
||||
AC_MSG_ERROR([--with-ssl must specify openssl])
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue