Hi!
SSL_CTX_new currently contains:

    /* Setup RFC4507 ticket keys */
    if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
        || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
        || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
        ret->options |= SSL_OP_NO_TICKET;

followed by:

    /* Default is to connect to non-RI servers. When RI is more widely
     * deployed might change this.
     */
    ret->options = SSL_OP_LEGACY_SERVER_CONNECT;

So even if SSL_OP_NO_TICKET is set, it should be unset again due to a
SSL_OP_LEGACY_SERVER_CONNECT default.
Will SSL_OP_LEGACY_SERVER_CONNECT remain part of SSL_OP_ALL once
SSL_OP_LEGACY_SERVER_CONNECT is no longer default?
--
Tomas Hoger
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
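
The ordering problem reported above, reduced to a stand-alone C sketch (an added example, not OpenSSL code and not from the original post). The `demo_ctx` struct, the `demo_rand` stub and the `DEMO_OP_*` values are assumptions made for the demo; it shows that a failed key setup leaves tickets enabled after the plain assignment, and that OR-ing the default in is one way to keep the earlier bit.

```c
#include <stdio.h>

/* Stand-in flag values for this demo only; real code uses the
 * SSL_OP_* macros from <openssl/ssl.h>. */
#define DEMO_OP_LEGACY_SERVER_CONNECT 0x0004UL
#define DEMO_OP_NO_TICKET             0x4000UL

struct demo_ctx { unsigned long options; };

/* Hypothetical RNG stub: returns <= 0 on failure, like the RAND_* calls. */
static int demo_rand(int fail) { return fail ? 0 : 1; }

/* Order described in the post: flag OR-ed in, then options assigned. */
static unsigned long init_as_reported(int rng_fails)
{
    struct demo_ctx c = { 0 };
    if (demo_rand(rng_fails) <= 0)
        c.options |= DEMO_OP_NO_TICKET;
    c.options = DEMO_OP_LEGACY_SERVER_CONNECT; /* plain '=' discards NO_TICKET */
    return c.options;
}

/* One possible fix (an assumption, not the project's patch):
 * OR the default in so bits set earlier survive. */
static unsigned long init_preserving(int rng_fails)
{
    struct demo_ctx c = { 0 };
    if (demo_rand(rng_fails) <= 0)
        c.options |= DEMO_OP_NO_TICKET;
    c.options |= DEMO_OP_LEGACY_SERVER_CONNECT;
    return c.options;
}

int main(void)
{
    /* Simulate the RNG failing while the ticket keys are generated. */
    printf("reported order:   0x%lx\n", init_as_reported(1));
    printf("preserving order: 0x%lx\n", init_preserving(1));
    return 0;
}
```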