diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-02-17 18:37:47 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-02-17 18:37:47 +0000 |
commit | 442ac8d25993b2fbdd801cae79a2e78612cfaf80 (patch) | |
tree | b19557b5ae3392b7f346eb2dbd2a9b142165c5c7 /CHANGES | |
parent | 657b02d0cfa4a84765dc20b0e5eab20cb93988bb (diff) |
Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -36,7 +36,7 @@ [Bodo Moeller] *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to - connect (but not renegotiate) with servers which do not support RI. + connect and renegotiate with servers which do not support RI. Until RI is more widely deployed this option is enabled by default. [Steve Henson] |