Checkout
Joe Orton
committed
on 10 Nov 04
Backport fix for CAN-2004-0885:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a
correct cipher suite has been negotiated… Show more
Backport fix for CAN-2004-0885:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a

correct cipher suite has been negotiated, else deny access.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): With OpenSSL

0.9.7, prevent session resumption during a renegotiation to force the

client to negotiate a new (and acceptable) cipher suite.

PR: 31505

Submitted by: Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton

Reviewed by: jorton, pquerna, minfrin, wrowe

Show less