$OpenBSD: patch-libfreerdp-core_tls_c,v 1.1 2015/02/08 04:55:00 jsing Exp $
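--- a/libfreerdp-core/tls.c
+++ b/libfreerdp-core/tls.c
@@ -44,6 +44,13 @@ boolean tls_connect(rdpTls* tls)
 */
 SSL_CTX_set_options(tls->ctx, SSL_OP_ALL);
 
+ /*
+ * Disable the SSL 3.0/TLS 1.0 CBC vulnerability workaround since this
+ * breaks NLA - the remote host will return a TLS alert 50, terminating
+ * the session.
+ */
+ SSL_CTX_set_options(tls->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+
 tls->ssl = SSL_new(tls->ctx);
 
 if (tls->ssl == NULL)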
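Review bot: The added `SSL_CTX_set_options(tls->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);` call is unconditional, so the empty-fragment countermeasure for the SSL 3.0/TLS 1.0 CBC weakness is switched off for every connection made through this context, not only the NLA sessions the comment cites. The comment explains why the option is needed but not what is given up, so I would extend it with something like `* NOTE: this removes the CBC IV countermeasure for all SSL 3.0/TLS 1.0 CBC sessions on this ctx; safe only if the peer negotiates TLS >= 1.1 or a non-CBC suite.` Whether a protocol-version floor or cipher list is set elsewhere cannot be seen from here, because tls_connect starts and ends outside the hunk. If none is set, that is worth confirming before relying on this workaround.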