First cut of renegotiation extension. (port to HEAD)

author: Dr. Stephen Henson <steve@openssl.org> 2009-11-09 19:03:34 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-11-09 19:03:34 +0000
commit: e0e7997212c3c688140a2d8a13f9dcd03f202443 (patch)
tree: 0caeb7ee0d7fae76c0a151e3d6f13c28a44c53a2 /CHANGES
parent: befbd0619b6d1aaf9e70cfbf113afb141009bced (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index f0e2c1dbb1..46803f33d8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -844,6 +844,16 @@
 
  Changes between 0.9.8l and 0.9.8m  [xx XXX xxxx]
 
+  *) Implement
+     https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt. Re-enable
+     renegotiation but require the extension as needed. Unfortunately,
+     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a
+     bad idea. It has been replaced by
+     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
+     SSL_CTX_set_options(). This is really not recommended unless you
+     know what you are doing.
+     [Eric Rescorla <ekr@networkresonance.com> and Ben Laurie]
+
   *) Fixes to stateless session resumption handling. Use initial_ctx when
      issuing and attempting to decrypt tickets in case it has changed during
      servername handling. Use a non-zero length session ID when attempting
author	Dr. Stephen Henson <steve@openssl.org>	2009-11-09 19:03:34 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-11-09 19:03:34 +0000
commit	e0e7997212c3c688140a2d8a13f9dcd03f202443 (patch)
tree	0caeb7ee0d7fae76c0a151e3d6f13c28a44c53a2 /CHANGES
parent	befbd0619b6d1aaf9e70cfbf113afb141009bced (diff)