From 036419c3440c2c9141eae47245139da130390fb4 Mon Sep 17 00:00:00 2001
From: Aaron Jones
Date: Wed, 31 Aug 2016 00:13:56 +0000
Subject: [PATCH] MbedTLS: Misc security improvements

As a client, require all peers (i.e. other IRC servers) to support secure renegotiation. Break handshakes with servers that don't. We do not renegotiate our sessions, but this is the most secure option regardless.

As a client, disable TLS Session Tickets. The server side MbedTLS code does not have any ticket callbacks configured, so an MbedTLS IRC Server will not issue tickets -- however, others could. Server connections are not expected to be short-lived enough to benefit from the usage of tickets, and their issuance harms forward secrecy.
---
 libratbox/src/mbedtls.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/libratbox/src/mbedtls.c b/libratbox/src/mbedtls.c
index c5195c02..1b3640c6 100644
--- a/libratbox/src/mbedtls.c
+++ b/libratbox/src/mbedtls.c
@@ -158,6 +158,7 @@ rb_mbedtls_cfg_new(void)
 {
 rb_lib_log("rb_mbedtls_cfg_new: ssl_config_defaults (server): %s", rb_get_ssl_strerror_internal(ret));
+ rb_mbedtls_cfg_decref(cfg);
 return NULL;
 }
@@ -168,6 +169,7 @@ rb_mbedtls_cfg_new(void)
 {
 rb_lib_log("rb_mbedtls_cfg_new: ssl_config_defaults (client): %s", rb_get_ssl_strerror_internal(ret));
+ rb_mbedtls_cfg_decref(cfg);
 return NULL;
 }
@@ -181,6 +183,14 @@ rb_mbedtls_cfg_new(void)
 mbedtls_ssl_conf_authmode(&cfg->server_cfg, MBEDTLS_SSL_VERIFY_OPTIONAL);
 mbedtls_ssl_conf_authmode(&cfg->client_cfg, MBEDTLS_SSL_VERIFY_NONE);
+ #ifdef MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE
+ mbedtls_ssl_conf_legacy_renegotiation(&cfg->client_cfg, MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE);
+ #endif
+
+ #ifdef MBEDTLS_SSL_SESSION_TICKETS_DISABLED
+ mbedtls_ssl_conf_session_tickets(&cfg->client_cfg, MBEDTLS_SSL_SESSION_TICKETS_DISABLED);
+ #endif
+
 return cfg;
 }
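Review bot: The `#ifdef MBEDTLS_SSL_SESSION_TICKETS_DISABLED` guard in the third hunk appears to test the wrong symbol: as far as I recall the Mbed TLS 2.x headers, that constant (value 0) is defined unconditionally, whereas `mbedtls_ssl_conf_session_tickets()` is only declared under `MBEDTLS_SSL_SESSION_TICKETS` and `MBEDTLS_SSL_CLI_C`, so a build with tickets compiled out would get an implicit declaration or link failure instead of skipping the call — please verify against the header version libratbox targets. The guard that matches the declaration is `#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)`, and nothing is lost when it is false because a client built without ticket support cannot send the extension anyway. The `#ifdef MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE` guard is likewise always true but harmless, since `mbedtls_ssl_conf_legacy_renegotiation()` is declared unconditionally; a short comment such as `/* refuse peers that lack RFC 5746 secure renegotiation; we never renegotiate ourselves */` would record the rationale in code rather than only in the commit message. rb_mbedtls_cfg_new() begins outside the hunk, so the state of cfg's refcount at the new decref sites in the first two hunks cannot be checked here.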