aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPřemysl Janouch <p.janouch@gmail.com>2018-01-09 06:25:16 +0100
committerPřemysl Janouch <p.janouch@gmail.com>2018-01-09 06:25:16 +0100
commit19400ee8b7da6138e74a5dfc86547306ec55dc2d (patch)
tree524ea56e3f0eca5c7f714a12482719b4e259d2f4
parent674ffb2f6dfc750bb719e7e90d8f03ba8d23d7e4 (diff)
downloadxK-19400ee8b7da6138e74a5dfc86547306ec55dc2d.tar.gz
xK-19400ee8b7da6138e74a5dfc86547306ec55dc2d.tar.xz
xK-19400ee8b7da6138e74a5dfc86547306ec55dc2d.zip
kike: disable TLS session reuse
-rw-r--r--kike.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/kike.c b/kike.c
index dfd896f..33d80f4 100644
--- a/kike.c
+++ b/kike.c
@@ -3544,6 +3544,9 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
(void) SSL_CTX_set_session_id_context (ctx->ssl_ctx,
session_id_context, sizeof session_id_context);
+ // IRC is not particularly reconnect-heavy, prefer forward secrecy
+ SSL_CTX_set_session_cache_mode (ctx->ssl_ctx, SSL_SESS_CACHE_OFF);
+
// Gah, spare me your awkward semantics, I just want to push data!
SSL_CTX_set_mode (ctx->ssl_ctx,
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);