diff options
author | Matt Caswell <matt@openssl.org> | 2018-07-18 16:13:14 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-08-15 12:33:30 +0100 |
commit | 9f22c527232d8babfa4827dff34a6707e8880dd9 (patch) | |
tree | dcc7a43d93421790c76b5a4aab274285e2dcd15d /INSTALL | |
parent | 35e742ecac9239539db016e1282b4cbdf501509c (diff) |
Turn on TLSv1.3 downgrade protection by default
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6741)
Diffstat (limited to 'INSTALL')
-rw-r--r-- | INSTALL | 10 |
1 files changed, 0 insertions, 10 deletions
@@ -476,16 +476,6 @@ require additional system-dependent options! See "Note on multi-threading" below. - enable-tls13downgrade - TODO(TLS1.3): Make this enabled by default and remove the - option when TLSv1.3 is out of draft - TLSv1.3 offers a downgrade protection mechanism. This is - implemented but disabled by default. It should not typically - be enabled except for testing purposes. Otherwise this could - cause problems if a pre-RFC version of OpenSSL talks to an - RFC implementation (it will erroneously be detected as a - downgrade). - no-ts Don't build Time Stamping Authority support. |