Hi,

> -----Original Message-----
> From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net]
> Sent: Monday 17 March 2014 11:40
> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL
> context for OpenSSL builds, to disable TLS stateless session
> resumption.
>
> On 17/03/14 11:08, Steffan Karger wrote:
> > I think this should go into all releases we'll do from now on.
> >
> > Also, ACK on the patch. Together with SSL_SESS_CACHE_OFF, this seems
> > to fully disable TLS session renegotiation and resumption.
>
> This patch only covers OpenSSL. Is there an equivalent for PolarSSL as
> well? Or isn't it needed at all on PolarSSL?

PolarSSL disables session renegotiation by default (sane defaults ftw!), and OpenVPN does not enable it. So there's nothing to fix for PolarSSL.

-Steffan