kike: disable TLS session reuse

author: Přemysl Janouch <p.janouch@gmail.com> 2018-01-09 06:25:16 +0100
committer: Přemysl Janouch <p.janouch@gmail.com> 2018-01-09 06:25:16 +0100
commit: 19400ee8b7da6138e74a5dfc86547306ec55dc2d (patch)
tree: 524ea56e3f0eca5c7f714a12482719b4e259d2f4 /kike.c
parent: 674ffb2f6dfc750bb719e7e90d8f03ba8d23d7e4 (diff)
download: xK-19400ee8b7da6138e74a5dfc86547306ec55dc2d.tar.gz
xK-19400ee8b7da6138e74a5dfc86547306ec55dc2d.tar.xz
xK-19400ee8b7da6138e74a5dfc86547306ec55dc2d.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/kike.c b/kike.c
index dfd896f..33d80f4 100644
--- a/kike.c
+++ b/kike.c
@@ -3544,6 +3544,9 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
 	(void) SSL_CTX_set_session_id_context (ctx->ssl_ctx,
 		session_id_context, sizeof session_id_context);
 
+	// IRC is not particularly reconnect-heavy, prefer forward secrecy
+	SSL_CTX_set_session_cache_mode (ctx->ssl_ctx, SSL_SESS_CACHE_OFF);
+
 	// Gah, spare me your awkward semantics, I just want to push data!
 	SSL_CTX_set_mode (ctx->ssl_ctx,
 		SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);
author	Přemysl Janouch <p.janouch@gmail.com>	2018-01-09 06:25:16 +0100
committer	Přemysl Janouch <p.janouch@gmail.com>	2018-01-09 06:25:16 +0100
commit	19400ee8b7da6138e74a5dfc86547306ec55dc2d (patch)
tree	524ea56e3f0eca5c7f714a12482719b4e259d2f4 /kike.c
parent	674ffb2f6dfc750bb719e7e90d8f03ba8d23d7e4 (diff)
download	xK-19400ee8b7da6138e74a5dfc86547306ec55dc2d.tar.gz xK-19400ee8b7da6138e74a5dfc86547306ec55dc2d.tar.xz xK-19400ee8b7da6138e74a5dfc86547306ec55dc2d.zip