author Lutz Jänicke <jaenicke@openssl.org> 2001-08-03 08:45:13 +0000
committer Lutz Jänicke <jaenicke@openssl.org> 2001-08-03 08:45:13 +0000
commit 06da6e49777285f50aeb1b920d950a9bd27fef52
tree 8d3eb57e387c364ecda0abe54a24acc33e80c1b5 /CHANGES
parent b72faddc47811846d1cf28f04db2bd38422d9006
Don't disable rollback attack detection as a recommended bug workaround.
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 8
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 0c96da129c..7ec91e58d2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,6 +12,14 @@
*) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
+) applies to 0.9.7 only
+ +) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
+ bug workarounds. Rollback attack detection is a security feature.
+ The problem will only arise on OpenSSL servers, when TLSv1 is not
+ available (sslv3_server_method() or SSL_OP_NO_TLSv1).
+ Software authors not wanting to support TLSv1 will have special reasons
+ for their choice and can explicitly enable this option.
+ [Bodo Moeller, Lutz Jaenicke]
+
+) Rationalise EVP so it can be extended: don't include a union of
cipher/digest structures, add init/cleanup functions. This also reduces
the number of header dependencies.
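Review bot: In the new SSL_OP_TLS_ROLLBACK_BUG entry, "The problem will only arise on OpenSSL servers" has no antecedent: the entry never says what the problem is or which peers trigger it, so a reader cannot judge whether they need the option. Suggest stating the symptom the workaround addresses in one clause before that sentence. The entry should also say outright that applications passing SSL_OP_ALL no longer get this workaround and have to set SSL_OP_TLS_ROLLBACK_BUG in addition to it if they depend on it; "can explicitly enable this option" leaves the behaviour change for existing SSL_OP_ALL callers implicit. The entry carries the "+)" marker, which the legend above defines as 0.9.7 only; please confirm the 0.9.6 branch keeps the old SSL_OP_ALL definition, otherwise the marker should be "*)".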