upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Fix #1303: [FR] Disable TLSv1.2.

Browse source
This commit is contained in:
W.C.A. Wijngaards 2025-07-17 14:50:13 +02:00
parent b58af78b63
commit b6e52c0a52
2 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/Changelog
View file

@ -1,5 +1,6 @@
17 July 2025: Wouter 17 July 2025: Wouter
- Fix to not set rlimits in the unit tests. - Fix to not set rlimits in the unit tests.
- Fix #1303: [FR] Disable TLSv1.2.
16 July 2025: Wouter 16 July 2025: Wouter
- Fix for RebirthDay Attack CVE-2025-5994, reported by Xiang Li - Fix for RebirthDay Attack CVE-2025-5994, reported by Xiang Li

8
util/net_help.c
View file

@ -1259,6 +1259,14 @@ listen_sslctx_setup(void* ctxt)
return 0; return 0;
} }
#endif #endif
#if defined(SSL_OP_NO_TLSv1_2) && defined(SSL_OP_NO_TLSv1_3)
/* if we have tls 1.3 disable 1.2 */
if((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) & SSL_OP_NO_TLSv1_2)
!= SSL_OP_NO_TLSv1_2){
log_crypto_err("could not set SSL_OP_NO_TLSv1_2");
return 0;
}
#endif
#if defined(SSL_OP_NO_RENEGOTIATION) #if defined(SSL_OP_NO_RENEGOTIATION)
/* disable client renegotiation */ /* disable client renegotiation */
if((SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION) & if((SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION) &