diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-01-22 20:17:30 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-01-22 20:17:30 +0000 |
commit | 1699389a4691ea94455ac73fda58b8be9c1f7708 (patch) | |
tree | b5340c0a4d5f6af37a683899a03e49725b9d4b31 /doc/ssl | |
parent | ad8ee3d7d19691362de56a334a9b6f1961b8cde9 (diff) |
Tolerate PKCS#8 DSA format with negative private key.
Diffstat (limited to 'doc/ssl')
-rw-r--r-- | doc/ssl/SSL_CTX_set_options.pod | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 9331e67153..72ebcadfe6 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -247,7 +247,9 @@ If an unpatched client attempts to connect to a patched OpenSSL server then the attempt will succeed but renegotiation is not permitted. As required by the standard a B<no_renegotiation> alert is sent back to the client if the TLS v1.0 protocol is used. If SSLv3.0 is used then renegotiation results -in a fatal B<handshake_failed> alert. +in a fatal B<handshake_failed> alert. If the patched server attempts to +renegotiate (existing applications which renegotiate may well do this) then +a fatal B<handshake_failed> alert is sent. If a patched OpenSSL client attempts to connect to an unpatched server then the connection will fail because it is not possible to determine |