generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.

Browse Source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Bodo Moeller
2014-10-21 22:40:41 +02:00
parent 08931f1cd6
commit d47aebbb47
2 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
doc/ssl/SSL_CTX_set_mode.pod
View File

@@ -71,6 +71,16 @@ SSL_CTX->freelist_max_len, which defaults to 32. Using this flag can
save around 34k per idle SSL connection.
This flag has no effect on SSL v2 connections, or on DTLS connections.
=item SSL_MODE_SEND_FALLBACK_SCSV
Send TLS_FALLBACK_SCSV in the ClientHello.
To be set only by applications that reconnect with a downgraded protocol
version; see draft-ietf-tls-downgrade-scsv-00 for details.
DO NOT ENABLE THIS if your application attempts a normal handshake.
Only use this in explicit fallback retries, following the guidance
in draft-ietf-tls-downgrade-scsv-00.
=back
=head1 RETURN VALUES