$OpenBSD: patch-libfreerdp-core_tls_c,v 1.1 2015/02/08 04:55:00 jsing Exp $
--- libfreerdp-core/tls.c.orig	Sun Feb  8 04:08:05 2015
+++ libfreerdp-core/tls.c	Sun Feb  8 04:12:11 2015
@@ -44,6 +44,13 @@ boolean tls_connect(rdpTls* tls)
 	 */
 	SSL_CTX_set_options(tls->ctx, SSL_OP_ALL);
 
+	/*
+	 * Disable the SSL 3.0/TLS 1.0 CBC vulnerability workaround since this
+	 * breaks NLA - the remote host will return a TLS alert 50, terminating
+	 * the session.
+	 */
+	SSL_CTX_set_options(tls->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+
 	tls->ssl = SSL_new(tls->ctx);
 
 	if (tls->ssl == NULL)
