From 933a74a41898177f5e2aa410e685e994bf715f44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?=
Date: Sat, 24 Mar 2018 13:00:31 +0200
Subject: [PATCH] MXS-1739: Disable TLS session cache

Disabling the session cache prevents errors from being generated as the default OpenSSL configuration is to enable session caching but with an uninitialized context ID. In addition to preventing the errors, it prevents the possible security problems implicated by the definition a "static" context ID.
---
 server/core/listener.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/server/core/listener.c b/server/core/listener.c
index 9a067fe07..b1dabca69 100644
--- a/server/core/listener.c
+++ b/server/core/listener.c
@@ -290,6 +290,9 @@ listener_init_SSL(SSL_LISTENER *ssl_listener)
 /** Disable SSLv3 */
 SSL_CTX_set_options(ssl_listener->ctx, SSL_OP_NO_SSLv3);
+ // Disable session cache
+ SSL_CTX_set_session_cache_mode(ssl_listener->ctx, SSL_SESS_CACHE_OFF);
+
 /** Generate the 512-bit and 1024-bit RSA keys */
 if (rsa_512 == NULL && (rsa_512 = create_rsa(512)) == NULL)
 {
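Review bot: The added `SSL_CTX_set_session_cache_mode(ssl_listener->ctx, SSL_SESS_CACHE_OFF)` call turns off OpenSSL's server-side session cache, but as far as I know it does not stop the server from issuing RFC 5077 session tickets, so ticket-based resumption may still reach the same context with no session ID context set. If the intent in the commit message is to rule out resumption on this listener altogether, consider adding `SSL_CTX_set_options(ssl_listener->ctx, SSL_OP_NO_TICKET);` directly after the new call. The comment could then state the reason, in the file's existing style: `/** Disable session cache and tickets: no session ID context is configured */`. listener_init_SSL starts and ends outside this hunk, so whether tickets are already disabled elsewhere in the function is not visible here.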