author | Dr. Stephen Henson <steve@openssl.org> | 2009-12-08 13:14:03 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-12-08 13:14:03 +0000 |
commit | 13f6d57b1ef964f2b9cbd8f68783884caef0e5cb | |
tree | 0e8b01c5c5428bc3aa4a9f56ed3e7f1b9ed11b1c /CHANGES | |
parent | 8025e2511381152bbe517c1819922ead5bd106e6 |
Add support for magic cipher suite value (MCSV). Make secure renegotiation
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.
NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.
Change mismatch alerts to handshake_failure as required by spec.
Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 5 |
1 files changed, 2 insertions, 3 deletions
@@ -867,15 +867,14 @@ the updated NID creation version. This should correctly handle UTF8. [Steve Henson] - *) Implement - https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt. Re-enable + *) Implement draft-ietf-tls-renegotiation. Re-enable renegotiation but require the extension as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a bad idea. It has been replaced by SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with SSL_CTX_set_options(). This is really not recommended unless you know what you are doing. - [Eric Rescorla <ekr@networkresonance.com> and Ben Laurie] + [Eric Rescorla <ekr@networkresonance.com>, Ben Laurie, Steve Henson] *) Fixes to stateless session resumption handling. Use initial_ctx when issuing and attempting to decrypt tickets in case it has changed during |
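Review bot: the rewritten "*) Implement draft-ietf-tls-renegotiation" entry documents none of the behaviour the commit message describes. It should say that the initial SSLv3 handshake now carries the MCSV instead of extensions, that renegotiation mismatches now raise handshake_failure, and that the MCSV value is, per the commit message, bogus and for testing only, since anyone reading CHANGES to decide whether this build is usable for secure renegotiation needs that last point. The draft is also now cited by name alone with no revision, where the removed line at least pointed at a specific text; adding the revision implemented would let a reader check the entry against the spec the alert change refers to. The warning kept as context about SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION ("really not recommended unless you know what you are doing") would be more useful if it said what protection the option removes.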