diff options
author | Matt Caswell <matt@openssl.org> | 2017-03-22 11:52:45 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-03-24 14:07:11 +0000 |
commit | 3556b83ea2a00d0dd3e4f1ec38adb6837553e451 (patch) | |
tree | 06b2350955e46509b54608bca0db9c057eca20d1 /INSTALL | |
parent | c3043dcd55d81617408025b1cdb8241ef753b805 (diff) |
Make the TLSv1.3 downgrade mechanism a configurable option
Make it disabled by default. When TLSv1.3 is out of draft we can remove
this option and have it enabled all the time.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)
Diffstat (limited to 'INSTALL')
-rw-r--r-- | INSTALL | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -427,6 +427,16 @@ require additional system-dependent options! See "Note on multi-threading" below. + enable-tls13downgrade + TODO(TLS1.3): Make this enabled by default and remove the + option when TLSv1.3 is out of draft + TLSv1.3 offers a downgrade protection mechanism. This is + implemented but disabled by default. It should not typically + be enabled except for testing purposes. Otherwise this could + cause problems if a pre-RFC version of OpenSSL talks to an + RFC implementation (it will erroneously be detected as a + downgrade). + no-ts Don't build Time Stamping Authority support. |