author | Gregory Cooke <gregorycooke@google.com> | 2024-01-11 14:21:47 -0800 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2024-01-11 14:25:18 -0800 |
commit | bf4db6468291a61967781dc0c2a694ff2208c256 (patch) | |
tree | a9a6aabe3bbba102d3fa4ded411f340e3c0dc24b | |
parent | 77ad5a786e6eb2d2c5303ff4e5aafe8189013789 (diff) | |
download | grpc-grpc-bf4db6468291a61967781dc0c2a694ff2208c256.tar.gz |
Disable renegotiation (#35444)
Disable renegotiation for TLS
This option was added in OpenSSL 1.1.1, which is why it sits inside the `#if` version guard.
https://github.com/grpc/grpc/issues/35368
Closes #35444
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/35444 from gtcooke94:disable_renegotiation 715533c90c1cd06ea96d08fe3039b5a849d22453
PiperOrigin-RevId: 597653469
-rw-r--r-- | src/core/tsi/ssl_transport_security.cc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/core/tsi/ssl_transport_security.cc b/src/core/tsi/ssl_transport_security.cc
index f85080be2b..4f3919319c 100644
--- a/src/core/tsi/ssl_transport_security.cc
+++ b/src/core/tsi/ssl_transport_security.cc
@@ -2075,6 +2075,9 @@ tsi_result tsi_create_ssl_client_handshaker_factory_with_options(
 #else
 ssl_context = SSL_CTX_new(TLSv1_2_method());
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x10101000
+ SSL_CTX_set_options(ssl_context, SSL_OP_NO_RENEGOTIATION);
+#endif
 if (ssl_context == nullptr) {
 grpc_core::LogSslErrorStack();
 gpr_log(GPR_ERROR, "Could not create ssl context.");
@@ -2290,6 +2293,9 @@ tsi_result tsi_create_ssl_server_handshaker_factory_with_options(
 #else
 impl->ssl_contexts[i] = SSL_CTX_new(TLSv1_2_method());
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x10101000
+ SSL_CTX_set_options(impl->ssl_contexts[i], SSL_OP_NO_RENEGOTIATION);
+#endif
 if (impl->ssl_contexts[i] == nullptr) {
 grpc_core::LogSslErrorStack();
 gpr_log(GPR_ERROR, "Could not create ssl context."); |
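Review bot: In the client-factory hunk, `SSL_CTX_set_options(ssl_context, SSL_OP_NO_RENEGOTIATION);` runs before the `if (ssl_context == nullptr)` check, so a failed `SSL_CTX_new` hands a null context to OpenSSL; as far as I know OpenSSL 1.1.1 does not null-check that argument, which would turn an allocation failure into a crash instead of the logged error path. The server-factory hunk has the same ordering with `impl->ssl_contexts[i]`. Move the three-line `#if OPENSSL_VERSION_NUMBER >= 0x10101000` block to just after the null-check block in both places. A short comment such as `// Renegotiation is not disabled when building against OpenSSL older than 1.1.1.` would also make the residual exposure on older builds visible to readers. Both functions, and the null-check blocks themselves, continue outside the hunks.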