Diffstat (limited to 'src/common/tortls.c')
-rw-r--r--src/common/tortls.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index ddb5ea1efc..9caf9308bf 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1572,6 +1572,16 @@ tor_tls_unblock_renegotiation(tor_tls_t *tls)
}
}
+/** If this version of openssl supports it, turn off renegotiation on
+ * <b>tls</b>. (Our protocol never requires this for security, but it's nice
+ * to use belt-and-suspenders here.)
+ */
+void
+tor_tls_block_renegotiation(tor_tls_t *tls)
+{
+ tls->ssl->s3->flags &= ~SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+}
+
void
tor_tls_assert_renegotiation_unblocked(tor_tls_t *tls)
{
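Review bot: The doc comment on tor_tls_block_renegotiation says "If this version of openssl supports it", but the body has no such check: it dereferences `tls->ssl->s3` and clears SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION unconditionally, so the comment and the code disagree. The function also clears only the s3 flag; the body of tor_tls_unblock_renegotiation is outside this hunk, but if it also enables renegotiation through the SSL options word, that bit would stay set after this call and the belt-and-suspenders intent would not hold on those OpenSSL builds. Consider adding `SSL_clear_options(tls->ssl, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);` under an `#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION`, or rewording the comment to say exactly which flag is cleared.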