1
0
mirror of https://github.com/openbsd/src.git synced 2025-01-10 06:47:55 -08:00
openbsd-src/usr.sbin/relayd
reyk dbb03cc582 Disable client-initiated TLS renegotiation by default.
It is rarely needed and imposes a light DoS risk.  LibreSSL's libssl
allows to turn it off with a simple SSL_OP_NO_CLIENT_RENEGOTIATION
option instead of the complicated implementation that was used before.
It now turns it off completely instead of allowing one initial
client-initiated renegotiation.

It can still be enabled with "tls client-renegotiation".

ok benno@ beck@ jsing@
2017-02-02 08:24:16 +00:00
..
agentx.c Remove NULL-checks before free(). No functional change. 2015-12-07 04:03:27 +00:00
ca.c Add -Wcast-qual and cast away one false positive where we use a const 2016-09-28 15:03:03 +00:00
carp.c fix fd leaks in error paths 2016-08-18 00:45:52 +00:00
check_icmp.c Split "struct relayd" into two structs: "struct relayd" and "struct 2016-09-02 14:45:51 +00:00
check_script.c Split "struct relayd" into two structs: "struct relayd" and "struct 2016-09-02 14:45:51 +00:00
check_tcp.c This adds the host_error output and the http code (when available) to the 2016-01-11 21:31:42 +00:00
config.c The new fork+exec mode used too many fds in the parent process on 2016-11-24 21:01:18 +00:00
control.c Stop accessing verbose and debug variables from log.c directly. 2017-01-09 14:49:21 +00:00
hce.c Use the fork+exec privsep model in relayd; based on rzalamena@'s work 2016-09-03 14:09:04 +00:00
http.h rfc 7230 3.3.3 says: response with a status code of 1xx 2016-08-01 21:14:45 +00:00
log.c Stop accessing verbose and debug variables from log.c directly. 2017-01-09 14:49:21 +00:00
Makefile Add -Wcast-qual and cast away one false positive where we use a const 2016-09-28 15:03:03 +00:00
name2id.c Clean up the relayd headers with help of include-what-you-use and some 2015-01-22 17:42:09 +00:00
parse.y Replace hand-rolled for(;;) emptying of 'symhead' TAILQ with more 2017-01-05 13:53:09 +00:00
pfe_filter.c move the opening of /dev/pf from the parent process to the pfe process 2017-01-24 10:49:14 +00:00
pfe_route.c Split "struct relayd" into two structs: "struct relayd" and "struct 2016-09-02 14:45:51 +00:00
pfe.c move the opening of /dev/pf from the parent process to the pfe process 2017-01-24 10:49:14 +00:00
proc.c Stop accessing verbose and debug variables from log.c directly. 2017-01-09 14:49:21 +00:00
relay_http.c spacing 2016-09-26 16:25:16 +00:00
relay_udp.c Stop accessing verbose and debug variables from log.c directly. 2017-01-09 14:49:21 +00:00
relay.c Disable client-initiated TLS renegotiation by default. 2017-02-02 08:24:16 +00:00
relayd.8 use file system path (.Pa) semantic markup macros where appropriate. 2015-07-27 14:50:58 +00:00
relayd.c move the opening of /dev/pf from the parent process to the pfe process 2017-01-24 10:49:14 +00:00
relayd.conf.5 Disable client-initiated TLS renegotiation by default. 2017-02-02 08:24:16 +00:00
relayd.h Disable client-initiated TLS renegotiation by default. 2017-02-02 08:24:16 +00:00
shuffle.c Clean up the relayd headers with help of include-what-you-use and some 2015-01-22 17:42:09 +00:00
snmp.c Move snmp options into struct relayd_config and delay start of the 2016-09-02 16:14:09 +00:00
ssl.c Stop accessing verbose and debug variables from log.c directly. 2017-01-09 14:49:21 +00:00
util.c Move local logging functions from log.c to new file util.c (that is 2015-11-21 12:37:42 +00:00