From 76bf648f940b2bcc68044f8f5ef0dea8160d919e Mon Sep 17 00:00:00 2001
From: Timo Gurr
Date: Tue, 16 Aug 2022 11:28:48 +0200
Subject: [PATCH] Disable SSL/TLS renegotiation

Commit 2b77e8f020f3dabab059694f7045a9ae59ee28fd allows to disable TLS < 1.3, extend it to always disable SSL/TLS renegotiation even for this older TLS protocols.
https://github.com/webmin/webmin/commit/2b77e8f020f3dabab059694f7045a9ae59ee28fd
https://sourceforge.net/p/webadmin/bugs/4590/
---
 miniserv.pl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/miniserv.pl b/miniserv.pl
index aa7f26958..bc02e058a 100755
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -4664,6 +4664,10 @@ if ($config{'ssl_honorcipherorder'}) {
 &Net::SSLeay::OP_CIPHER_SERVER_PREFERENCE)';
 }
 
+# Disable TLS renegotiation when possible, OpenSSL >= 1.1.0h
+eval 'Net::SSLeay::CTX_set_options($ssl_ctx,
+ &Net::SSLeay::OP_NO_RENEGOTIATION)';
+
 return { 'keyfile' => $keyfile,
 'keytime' => $kst[9],
 'certfile' => $certfile,
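Review bot: The added string `eval` around `CTX_set_options($ssl_ctx, &Net::SSLeay::OP_NO_RENEGOTIATION)` never inspects `$@`, so where Net::SSLeay or the linked OpenSSL does not provide that option the call fails silently. Renegotiation then stays enabled with no trace, although the commit message says it is always disabled. Following the eval with `warn "TLS renegotiation could not be disabled: $@" if $@;` (or the file's own logging routine, which is not visible in this hunk) would let an operator see that the hardening is not in effect. The `OP_CIPHER_SERVER_PREFERENCE` eval in the context lines follows the same silent pattern, so this matches the file's style, but a silently skipped security control is worth surfacing. The enclosing sub starts before the hunk and the `return { ... }` hash continues past it.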