From 0ff4a42e31e4ef8d190e3be866315a774b590745 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Fri, 23 Feb 2018 16:12:37 +0100
Subject: ssl: Increase security with safer default

The interoperability option to fallback to insecure renegotiation
now has to be explicitly turned on.
---
 lib/ssl/src/ssl.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/ssl/src')

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 0b035d31be..82f62b51b9 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -843,7 +843,7 @@ handle_options(Opts0, Role, Host) ->
 		    %% Server side option
 		    reuse_session = handle_option(reuse_session, Opts, ReuseSessionFun),
 		    reuse_sessions = handle_option(reuse_sessions, Opts, true),
-		    secure_renegotiate = handle_option(secure_renegotiate, Opts, false),
+		    secure_renegotiate = handle_option(secure_renegotiate, Opts, true),
 		    client_renegotiation = handle_option(client_renegotiation, Opts, 
 							 default_option_role(server, true, Role), 
 							 server, Role),
-- 
cgit v1.2.3