arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-25 20:02:37 +03:00
Code

Added BR_OPT_NO_RENEGOTIATION flag to forbid TLS renegociation (#6165)

Browse Source
This commit is contained in:
s-hadinger 2019-05-30 15:43:45 +02:00 committed by Earle F. Philhower, III
parent 455583b40f
commit 69311c8fe1
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
View File

@ -827,6 +827,7 @@ extern "C" {
uint16_t suites[cipher_cnt]; uint16_t suites[cipher_cnt];
memcpy_P(suites, cipher_list, cipher_cnt * sizeof(cipher_list[0])); memcpy_P(suites, cipher_list, cipher_cnt * sizeof(cipher_list[0]));
br_ssl_client_zero(cc); br_ssl_client_zero(cc);
br_ssl_engine_add_flags(&cc->eng, BR_OPT_NO_RENEGOTIATION); // forbid SSL renegociation, as we free the Private Key after handshake
br_ssl_engine_set_versions(&cc->eng, BR_TLS10, BR_TLS12); br_ssl_engine_set_versions(&cc->eng, BR_TLS10, BR_TLS12);
br_ssl_engine_set_suites(&cc->eng, suites, (sizeof suites) / (sizeof suites[0])); br_ssl_engine_set_suites(&cc->eng, suites, (sizeof suites) / (sizeof suites[0]));
br_ssl_client_set_default_rsapub(cc); br_ssl_client_set_default_rsapub(cc);