fix #3763: disable renegotiation

requires openssl crate with fix[0], like our packaged one.

0: https://github.com/sfackler/rust-openssl/pull/1584

Tested-by: Stoiko Ivanov s.ivanov@proxmox.com
Reviewed-by: Stoiko Ivanov s.ivanov@proxmox.com

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler
2021-12-15 15:18:36 +01:00
committed by Thomas Lamprecht
parent f30ada6bbe
commit a0c69902c8
2 changed files with 2 additions and 1 deletions


@ -348,6 +348,7 @@ fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
.map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
acceptor.set_certificate_chain_file(cert_path)
.map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
acceptor.set_options(openssl::ssl::SslOptions::NO_RENEGOTIATION);
acceptor.check_private_key().unwrap();
Ok(acceptor.build())
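Review bot: The added `set_options(...NO_RENEGOTIATION)` call has no comment saying why it is there or what it covers, so a later refactor of the acceptor setup could drop it unnoticed. I would add `// refuse renegotiation (TLS 1.2 and older; TLS 1.3 has none) so a client cannot force repeated handshakes on one connection` above it, and note there that the flag depends on the openssl crate fix referenced in the commit message. Separately, `acceptor.check_private_key().unwrap();` on the following line panics on a mismatched key/cert pair, while the two calls above return a formatted error. Changing it to `acceptor.check_private_key().map_err(|err| format_err!("proxy key {} does not match cert {} - {}", key_path, cert_path, err))?;` would keep the failure mode consistent. The body of `make_tls_acceptor` starts before this hunk and its closing brace is not shown, so the setup above line 348 was not reviewed.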