author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-12-30 22:46:25 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-02-10 23:57:48 +0000 |
commit | d7f31bb61bd2255d45470d238680ac53eca62264 (patch) | |
tree | d7d9b3860c97cd7e7ccfd315a525a70dfa2fd67a /src | |
parent | 8a40db1c6153e108913c6308a95eb71725bddde3 (diff) |
OpenSSL: send no TLS1.3 session tickets
(cherry picked from commit 09fa60df6e9929364a2c0830eff1e0f4f27ba095)
Diffstat (limited to 'src')
-rw-r--r-- | src/src/tls-openssl.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 045e30a85..b1f6bd4eb 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -94,6 +94,7 @@ change this guard and punt the issue for a while longer. */
 #ifndef LIBRESSL_VERSION_NUMBER
 # if OPENSSL_VERSION_NUMBER >= 0x010101000L
 # define OPENSSL_HAVE_KEYLOG_CB
+# define OPENSSL_HAVE_NUM_TICKETS
 # endif
 #endif
@@ -1809,6 +1810,10 @@ if (init_options)
 else DEBUG(D_tls) debug_printf("no SSL CTX options to set\n");
+#ifdef OPENSSL_HAVE_NUM_TICKETS
+SSL_CTX_set_num_tickets(ctx, 0); /* send no TLS1.3 stateful-tickets */
+#endif
+
 /* We'd like to disable session cache unconditionally, but foolish Outlook Express clients then give up the first TLS connection and make a second one (which works). Only when there is an IMAP service on the same machine. |
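Review bot: The return value of `SSL_CTX_set_num_tickets(ctx, 0)` in the second hunk is discarded and nothing is logged, so if the call ever failed the server would keep issuing TLS1.3 tickets with no trace in the debug output, whereas the options handling just above it reports through `DEBUG(D_tls)`. Consider `if (!SSL_CTX_set_num_tickets(ctx, 0)) DEBUG(D_tls) debug_printf("failed to disable TLS1.3 session tickets\n");`. The comment also understates the effect: per the OpenSSL documentation a count of 0 suppresses all TLS1.3 tickets, stateless as well as stateful, so `/* send no TLS1.3 session tickets, stateful or stateless */` would match the commit title. The enclosing function starts and ends outside the hunk, so whether this context is shared by client and server setup cannot be confirmed from here.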