CVSROOT:        /cvs
Module name:    src
Changes by:     r...@cvs.openbsd.org    2017/02/02 01:24:16

Modified files:
        usr.sbin/relayd: relay.c relayd.conf.5 relayd.h

Log message:
Disable client-initiated TLS renegotiation by default.  It is rarely
needed and imposes a light DoS risk.  LibreSSL's libssl allows turning
it off with a simple SSL_OP_NO_CLIENT_RENEGOTIATION option instead of
the complicated implementation that was used before.  It now turns it
off completely instead of allowing one initial client-initiated
renegotiation.  It can still be enabled with "tls client-renegotiation".

ok benno@ beck@ jsing@