OpenSSL: Limit the number of TLS 1.3 session tickets to one

author Jouni Malinen <quic_jouni@quicinc.com>

Mon, 2 May 2022 12:57:44 +0000 (15:57 +0300)

committer Jouni Malinen <j@w1.fi>

Mon, 2 May 2022 14:16:39 +0000 (17:16 +0300)
author Jouni Malinen <quic_jouni@quicinc.com>
Mon, 2 May 2022 12:57:44 +0000 (15:57 +0300)
committer Jouni Malinen <j@w1.fi>
Mon, 2 May 2022 14:16:39 +0000 (17:16 +0300)
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c

index 564f45b6f51d5371791f59e6776456e6bb7a977d..f992f8bf920efe9b3ac887f9ce707d8455e2963a 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1106,6 +1106,10 @@ void * tls_init(const struct tls_config *conf)
                 SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_SERVER);
                 SSL_CTX_set_timeout(ssl, data->tls_session_lifetime);
                 SSL_CTX_sess_set_remove_cb(ssl, remove_session_cb);
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+               /* One session ticket is sufficient for EAP-TLS */
+               SSL_CTX_set_num_tickets(ssl, 1);
+#endif
         } else {
                 SSL_CTX_set_session_cache_mode(ssl, SSL_SESS_CACHE_OFF);
         }
author	Jouni Malinen <quic_jouni@quicinc.com>
	Mon, 2 May 2022 12:57:44 +0000 (15:57 +0300)
committer	Jouni Malinen <j@w1.fi>
	Mon, 2 May 2022 14:16:39 +0000 (17:16 +0300)