From 19400ee8b7da6138e74a5dfc86547306ec55dc2d Mon Sep 17 00:00:00 2001
From: Přemysl Janouch
Date: Tue, 9 Jan 2018 06:25:16 +0100
Subject: kike: disable TLS session reuse
---
kike.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kike.c b/kike.c
index dfd896f..33d80f4 100644
--- a/kike.c
+++ b/kike.c
@@ -3544,6 +3544,9 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
(void) SSL_CTX_set_session_id_context (ctx->ssl_ctx,
session_id_context, sizeof session_id_context);
+ // IRC is not particularly reconnect-heavy, prefer forward secrecy
+ SSL_CTX_set_session_cache_mode (ctx->ssl_ctx, SSL_SESS_CACHE_OFF);
+
// Gah, spare me your awkward semantics, I just want to push data!
SSL_CTX_set_mode (ctx->ssl_ctx,
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);
--
cgit v1.2.3-70-g09d2