Option to disable padding extension.

Add TLS padding extension to SSL_OP_ALL so it is used with other "bugs" options and can be turned off. This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient option referring to SSLv2 and SSLREF. PR#3336 (cherry picked from commit 758415b2259fa45d3fe17d8e53ae1341b7b6e482) Conflicts: ssl/t1_lib.c
author: Dr. Stephen Henson <steve@openssl.org> 2014-06-01 16:08:18 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-06-01 16:50:25 +0100
commit: 623a01df491d79554136a9f09997bc72758071ea (patch)
tree: 714543ad0d6839bba74429b31e0b3f3a7038a2c6 /doc/ssl
parent: 08b172b975bcd5854f9201b9f89d05dc330adb79 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index fded0601b5..d8866927a2 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -112,6 +112,12 @@ vulnerability affecting CBC ciphers, which cannot be handled by some
 broken SSL implementations.  This option has no effect for connections
 using other ciphers.
 
+=item SSL_OP_TLSEXT_PADDING
+
+Adds a padding extension to ensure the ClientHello size is never between
+256 and 511 bytes in length. This is needed as a workaround for some
+implementations.
+
 =item SSL_OP_ALL
 
 All of the above bug workarounds.
author	Dr. Stephen Henson <steve@openssl.org>	2014-06-01 16:08:18 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-06-01 16:50:25 +0100
commit	623a01df491d79554136a9f09997bc72758071ea (patch)
tree	714543ad0d6839bba74429b31e0b3f3a7038a2c6 /doc/ssl
parent	08b172b975bcd5854f9201b9f89d05dc330adb79 (diff)