s23_clnt.c: ensure interoperability by maitaining client "version capability"

vector contiguous [from HEAD]. PR: 2802
author: Andy Polyakov <appro@openssl.org> 2012-04-25 22:07:23 +0000
committer: Andy Polyakov <appro@openssl.org> 2012-04-25 22:07:23 +0000
commit: 5bbed29518243edc4b62b452151b9756f057f168 (patch)
tree: a4976847ab4fd313da837aba53bec8ea20412cff /CHANGES
parent: 2f2d33f4705aecaa103a561ecb31559cd7886cfc (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index 99b0a5de9f..7b4a78a160 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,13 @@
 
  Changes between 1.0.1a and 1.0.1b [xx XXX xxxx]
 
-  *)
+  *) In order to ensure interoperabilty SSL_OP_NO_protocolX does not
+     disable just protocol X, but all protocols above X *if* there are
+     protocols *below* X still enabled. In more practical terms it means
+     that if application wants to disable TLS1.0 in favor of TLS1.1 and
+     above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass
+     SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
+     [Andy Polyakov]
 
  Changes between 1.0.1 and 1.0.1a [19 Apr 2012]
author	Andy Polyakov <appro@openssl.org>	2012-04-25 22:07:23 +0000
committer	Andy Polyakov <appro@openssl.org>	2012-04-25 22:07:23 +0000
commit	5bbed29518243edc4b62b452151b9756f057f168 (patch)
tree	a4976847ab4fd313da837aba53bec8ea20412cff /CHANGES
parent	2f2d33f4705aecaa103a561ecb31559cd7886cfc (diff)