From: Fabian Grünbichler
To: pbs-devel@lists.proxmox.com
Date: Wed, 15 Dec 2021 15:18:36 +0100
Message-Id: <20211215141836.3406716-1-f.gruenbichler@proxmox.com>
Subject: [pbs-devel] [PATCH proxmox-backup] fix #3763: disable renegotiation

requires openssl crate with fix[0], like our packaged one.

0: https://github.com/sfackler/rust-openssl/pull/1584

Tested-by: Stoiko Ivanov s.ivanov@proxmox.com
Reviewed-by: Stoiko Ivanov s.ivanov@proxmox.com
Signed-off-by: Fabian Grünbichler
---
sending as patch since we could also wait for the PR to land and bump the dep then accordingly..

Cargo.toml | 2 +- src/bin/proxmox-backup-proxy.rs | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index d7ad2085..d1fe9c67 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -64,7 +64,7 @@ log = "0.4" nix = "0.19.1" num-traits = "0.2" once_cell = "1.3.1" -openssl = "0.10" +openssl = "0.10.38" # currently patched! pam = "0.7" pam-sys = "0.5" percent-encoding = "2.1" diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs index 07a53687..5e5babd1 100644 --- a/src/bin/proxmox-backup-proxy.rs +++ b/src/bin/proxmox-backup-proxy.rs @@ -348,6 +348,7 @@ fn make_tls_acceptor() -> Result { .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?; acceptor.set_certificate_chain_file(cert_path) .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?; + acceptor.set_options(openssl::ssl::SslOptions::NO_RENEGOTIATION); acceptor.check_private_key().unwrap(); Ok(acceptor.build()) -- 2.30.2
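Review bot: In the Cargo.toml hunk, the comment "# currently patched!" on the new openssl = "0.10.38" requirement does not say which patch is meant or when the marker can be dropped, and a plain version requirement cannot tell the packaged, patched crate apart from an upstream crate carrying the same version number. The commit message ties the build to the fix in https://github.com/sfackler/rust-openssl/pull/1584, so I'd put that URL in the comment and note there that the requirement should be bumped to the first upstream release containing the fix once the PR lands.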
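Review bot: The added acceptor.set_options(openssl::ssl::SslOptions::NO_RENEGOTIATION); line in make_tls_acceptor() has no comment, so nothing in the code records why the option is set or that it belongs to #3763 and depends on the patched openssl crate. A one-line comment above it naming the bug number would keep a later cleanup from removing it. It also sits between set_certificate_chain_file() and check_private_key(), which are both about the key and certificate; consider moving it out from between those two calls so the TLS option is not mistaken for part of the key handling.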