diff options
author | Matt Caswell <matt@openssl.org> | 2018-06-15 14:55:06 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-07-02 15:06:12 +0100 |
commit | 3bb5e5b09e32defefda2b61087c113203005ffa0 (patch) | |
tree | 47b35b54cfc423ea594f73cf603e24844e78ff96 /apps/s_server.c | |
parent | 5a42141565a4074167b006e7a28a822176b40f86 (diff) | |
download | openssl-3bb5e5b09e32defefda2b61087c113203005ffa0.tar.gz |
Add the ability to configure anti-replay via SSL_CONF
This also adds the ability to control this through s_server
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6469)
Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index df2bf02a6e..b0502005cc 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -749,6 +749,7 @@ typedef enum OPTION_choice { OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_EARLY_DATA, OPT_S_NUM_TICKETS, + OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, @@ -958,6 +959,8 @@ const OPTIONS s_server_options[] = { {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"}, {"num_tickets", OPT_S_NUM_TICKETS, 'n', "The number of TLSv1.3 session tickets that a server will automatically issue" }, + {"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"}, + {"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"}, {NULL, OPT_EOF, 0, NULL} }; @@ -1258,6 +1261,8 @@ int s_server_main(int argc, char *argv[]) break; case OPT_S_CASES: case OPT_S_NUM_TICKETS: + case OPT_ANTI_REPLAY: + case OPT_NO_ANTI_REPLAY: if (ssl_args == NULL) ssl_args = sk_OPENSSL_STRING_new_null(); if (ssl_args == NULL |