stream-ssl: Disable TLS session tickets.

OVS currently does not support TLS session resumption.  The server
side session cache is disabled (SSL_SESS_CACHE_OFF) and no session
id context is configured.  However, clients may still send stateless
tickets, causing SSL_accept() to fail with "session id context
uninitialized".

Disable stateless session tickets with SSL_OP_NO_TICKET so that
clients do not attempt resumption.

Signed-off-by: Mykola Yurchenko <myurchenko@nvidia.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>

Author: koolzz

lib/stream-ssl.c

@@ -1071,6 +1071,7 @@ do_ssl_init(void)
     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                        NULL);
     SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+    SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
     SSL_CTX_set_cipher_list(ctx, "DEFAULT:@SECLEVEL=2");
 
     return 0;