Update SGC flag comment.

Since SGC has been removed from OpenSSL 1.0.2 the SSL3_FLAGS_SGC_RESTART_DONE is no longer used. However the #define is retained for compatibility. Reviewed-by: Matt Caswell <matt@openssl.org>
author: Dr. Stephen Henson <steve@openssl.org> 2015-01-02 23:09:39 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2015-01-02 23:12:37 +0000
commit: 5396c1190fe7c95b71d5d091c31d0fd6d65bb2ff (patch)
tree: 8261fe34197a28014399302f8743d0cafdd52183
parent: cf95b2d66ac5ea857a28eb901effa4da6b0c4bca (diff)
1 files changed, 1 insertions, 9 deletions
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 36320ffed0..6525efeeb3 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -435,15 +435,7 @@ typedef struct ssl3_buffer_st
  */
 #define SSL3_FLAGS_CCS_OK			0x0080
 
-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
- * restart a handshake because of MS SGC and so prevents us
- * from restarting the handshake in a loop. It's reset on a
- * renegotiation, so effectively limits the client to one restart
- * per negotiation. This limits the possibility of a DDoS
- * attack where the client handshakes in a loop using SGC to
- * restart. Servers which permit renegotiation can still be
- * effected, but we can't prevent that.
- */
+/* SSL3_FLAGS_SGC_RESTART_DONE is no longer used */
 #define SSL3_FLAGS_SGC_RESTART_DONE		0x0040
 
 #ifndef OPENSSL_NO_SSL_INTERN
author	Dr. Stephen Henson <steve@openssl.org>	2015-01-02 23:09:39 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2015-01-02 23:12:37 +0000
commit	5396c1190fe7c95b71d5d091c31d0fd6d65bb2ff (patch)
tree	8261fe34197a28014399302f8743d0cafdd52183
parent	cf95b2d66ac5ea857a28eb901effa4da6b0c4bca (diff)