Option to disable padding extension.

Add TLS padding extension to SSL_OP_ALL so it is used with other "bugs" options and can be turned off. This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient option referring to SSLv2 and SSLREF. PR#3336
author: Dr. Stephen Henson <steve@openssl.org> 2014-06-01 16:08:18 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-06-01 18:15:21 +0100
commit: 01f2f18f3c7e229bd4b1b2e3e150722175c64971 (patch)
tree: 89c55d616acd71c208fd0e221bcdcacee16bc670 /doc/ssl
parent: f8aab6174c217fe4764652dab926e434e7838ce8 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index 4f990b2ea9..e2548c35b8 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -112,6 +112,12 @@ vulnerability affecting CBC ciphers, which cannot be handled by some
 broken SSL implementations.  This option has no effect for connections
 using other ciphers.
 
+=item SSL_OP_TLSEXT_PADDING
+
+Adds a padding extension to ensure the ClientHello size is never between
+256 and 511 bytes in length. This is needed as a workaround for some
+implementations.
+
 =item SSL_OP_ALL
 
 All of the above bug workarounds.
author	Dr. Stephen Henson <steve@openssl.org>	2014-06-01 16:08:18 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-06-01 18:15:21 +0100
commit	01f2f18f3c7e229bd4b1b2e3e150722175c64971 (patch)
tree	89c55d616acd71c208fd0e221bcdcacee16bc670 /doc/ssl
parent	f8aab6174c217fe4764652dab926e434e7838ce8 (diff)