diff options
| -rw-r--r-- | tlscommon.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/tlscommon.c b/tlscommon.c index b718ca2..d5a35bf 100644 --- a/tlscommon.c +++ b/tlscommon.c @@ -227,11 +227,13 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) { debug(DBG_ERR, "tlscreatectx: Error initialising SSL/TLS in TLS context %s", conf->name); return NULL; } -#if OPENSSL_VERSION_NUMBER < 0x1000002f - debug(DBG_WARN, "%s: OpenSSL seems to be older than " - "1.0.0b -- disabling OpenSSL session caching for context %p " - "to avoid a TLS extension parsing race condition " - "(http://openssl.org/news/secadv_20101116.txt).", __func__, ctx); +#if OPENSSL_VERSION_NUMBER < 0x0090810f \ + || (OPENSSL_VERSION_NUMBER >= 0x1000000f \ + && OPENSSL_VERSION_NUMBER < 0x1000002f) + debug(DBG_WARN, "%s: OpenSSL seems to be of a version with a " + "certain security critical bug (fixed in OpenSSL 0.9.8p and " + "1.0.0b). Disabling OpenSSL session caching for context %p.", + __func__, ctx); SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); #endif |