diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-06-01 16:08:18 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-06-01 18:15:21 +0100 |
commit | 01f2f18f3c7e229bd4b1b2e3e150722175c64971 (patch) | |
tree | 89c55d616acd71c208fd0e221bcdcacee16bc670 /doc/ssl | |
parent | f8aab6174c217fe4764652dab926e434e7838ce8 (diff) |
Option to disable padding extension.
Add TLS padding extension to SSL_OP_ALL so it is used with other
"bugs" options and can be turned off.
This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient
option referring to SSLv2 and SSLREF.
PR#3336
Diffstat (limited to 'doc/ssl')
-rw-r--r-- | doc/ssl/SSL_CTX_set_options.pod | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 4f990b2ea9..e2548c35b8 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -112,6 +112,12 @@ vulnerability affecting CBC ciphers, which cannot be handled by some broken SSL implementations. This option has no effect for connections using other ciphers. +=item SSL_OP_TLSEXT_PADDING + +Adds a padding extension to ensure the ClientHello size is never between +256 and 511 bytes in length. This is needed as a workaround for some +implementations. + =item SSL_OP_ALL All of the above bug workarounds. |