X-Git-Url: https://ruderich.org/simon/gitweb/?p=tlsproxy%2Ftlsproxy.git;a=blobdiff_plain;f=src%2Ftlsproxy.h;fp=src%2Ftlsproxy.h;h=4664428fe862be1f5ce02bde348399b037667b8d;hp=33df814f622331f3b6ab464858fd749c19758f26;hb=55ce9f0a9991527dc9a7c09ee03446c3a7c48e93;hpb=caf3e07bab2e42bd10fe7966542a37b41f336a0a

diff --git a/src/tlsproxy.h b/src/tlsproxy.h
index 33df814..4664428 100644
--- a/src/tlsproxy.h
+++ b/src/tlsproxy.h
@@ -55,7 +55,12 @@
     /* Don't use known insecure algorithms. */ \
     "SECURE" \
     /* Lower priority of SHA-1, user better hashes if possible. */ \
-    ":-SHA1:+SHA1"
+    ":-SHA1:+SHA1" \
+    /* Force safe renegotiations. Shouldn't cause any problems as this \
+     * option only affects the server side (with GnuTLS defaults) and the \
+     * local clients most-likely already support safe renegotiations (old \
+     * servers are therefore not an issue). */ \
+    ":%SAFE_RENEGOTIATION"
 
 
 /* Proxy hostname and port if specified on the command line. */