author | Dr. Stephen Henson <steve@openssl.org> | 2009-11-09 19:03:34 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-11-09 19:03:34 +0000 |
commit | e0e7997212c3c688140a2d8a13f9dcd03f202443 (patch) | |
tree | 0caeb7ee0d7fae76c0a151e3d6f13c28a44c53a2 /CHANGES | |
parent | befbd0619b6d1aaf9e70cfbf113afb141009bced (diff) |
First cut of renegotiation extension. (port to HEAD)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -844,6 +844,16 @@ Changes between 0.9.8l and 0.9.8m [xx XXX xxxx] + *) Implement + https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt. Re-enable + renegotiation but require the extension as needed. Unfortunately, + SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a + bad idea. It has been replaced by + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with + SSL_CTX_set_options(). This is really not recommended unless you + know what you are doing. + [Eric Rescorla <ekr@networkresonance.com> and Ben Laurie] + *) Fixes to stateless session resumption handling. Use initial_ctx when issuing and attempting to decrypt tickets in case it has changed during servername handling. Use a non-zero length session ID when attempting |
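Review bot: In the added CHANGES entry, "require the extension as needed" does not say under which conditions a renegotiation is refused, so a reader cannot tell from this entry what to expect when the peer lacks the extension; spell out the condition. The entry also says SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION "has been replaced" without saying what happens to applications that still set it; state whether the old flag is ignored or removed and that callers must switch to SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION via SSL_CTX_set_options(). The sentence "This is really not recommended unless you know what you are doing" would be more useful if it named the risk the option brings back. The draft is cited only by an SVN URL; adding the draft name (draft-rescorla-tls-renegotiate) would keep the reference usable if that URL moves.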