File 0001-With-OpenSSL-1.1-Disable-client-initiated-renegotiation.patch of Package spice.19889

Subject: With OpenSSL 1.1: Disable client-initiated renegotiation.
From: Julien Ropé jrope@redhat.com Wed Dec 2 13:39:27 2020 +0100
Date: Mon Dec 7 14:43:24 2020 +0000:
Git: ca5bbc5692e052159bce1a75f55dc60b36078749

Fixes issue #49
Fixes BZ#1904459

Signed-off-by: Julien Ropé <jrope@redhat.com>
Reported-by: BlackKD
Acked-by: Frediano Ziglio <fziglio@redhat.com>

diff --git a/server/reds.c b/server/reds.c
index fe69508e..f61086cb 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -2918,6 +2918,10 @@ static int reds_init_ssl(RedsState *reds
      * When some other SSL/TLS version becomes obsolete, add it to this
      * variable. */
     long ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION | SSL_OP_NO_TLSv1;
+#ifdef SSL_OP_NO_RENEGOTIATION
+    // With OpenSSL 1.1: Disable all renegotiation in TLSv1.2 and earlier
+    ssl_options |= SSL_OP_NO_RENEGOTIATION;
+#endif
 
     /* Global system initialization*/
     g_once(&openssl_once, openssl_global_init, NULL);