This fixes CVE-2011-1473 and CVE-2011-5094 by disabling renegotiation in
TLSv1.2 and earlier for server context.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
SSL_CTX_set_options(c, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 |
SSL_OP_NO_TLSv1_1);
#endif
+#if defined(HAVE_WOLFSSL)
+ SSL_CTX_set_options(c, SSL_AD_NO_RENEGOTIATION);
+#else
+ SSL_CTX_set_options(c, SSL_OP_NO_RENEGOTIATION);
+#endif
+
SSL_CTX_set_cipher_list(c, server_cipher_list);
} else {
SSL_CTX_set_cipher_list(c, client_cipher_list);