Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and
OpenSSL 1.0.0. Add CHANGES entry noting the consequences.
This commit is contained in:
Dr. Stephen Henson
@@ -560,7 +560,6 @@ struct ssl_session_st
|
||||
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
|
||||
#define SSL_OP_TLS_D5_BUG 0x00000100L
|
||||
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
|
||||
#define SSL_OP_NO_TLSv1_1 0x00000400L
|
||||
|
||||
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
|
||||
* in OpenSSL 0.9.6d. Usually (depending on the application protocol)
|
||||
@@ -608,6 +607,7 @@ struct ssl_session_st
|
||||
#define SSL_OP_NO_SSLv3 0x02000000L
|
||||
#define SSL_OP_NO_TLSv1 0x04000000L
|
||||
#define SSL_OP_NO_TLSv1_2 0x08000000L
|
||||
#define SSL_OP_NO_TLSv1_1 0x10000000L
|
||||
|
||||
/* These next two were never actually used for anything since SSLeay
|
||||
* zap so we have some more flags.
|
||||
|
||||
Reference in New Issue
Block a user