Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as

initial connection to unpatched servers. There are no additional security concerns in doing this as clients don't see renegotiation during an attack anyway.
author: Dr. Stephen Henson <steve@openssl.org> 2010-02-17 18:37:47 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-02-17 18:37:47 +0000
commit: 442ac8d25993b2fbdd801cae79a2e78612cfaf80 (patch)
tree: b19557b5ae3392b7f346eb2dbd2a9b142165c5c7 /CHANGES
parent: 657b02d0cfa4a84765dc20b0e5eab20cb93988bb (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index dca7ce58d7..c389b6535d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -36,7 +36,7 @@
      [Bodo Moeller]
 
   *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
-     connect (but not renegotiate) with servers which do not support RI.
+     connect and renegotiate with servers which do not support RI.
      Until RI is more widely deployed this option is enabled by default.
      [Steve Henson]
author	Dr. Stephen Henson <steve@openssl.org>	2010-02-17 18:37:47 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-02-17 18:37:47 +0000
commit	442ac8d25993b2fbdd801cae79a2e78612cfaf80 (patch)
tree	b19557b5ae3392b7f346eb2dbd2a9b142165c5c7 /CHANGES
parent	657b02d0cfa4a84765dc20b0e5eab20cb93988bb (diff)