Option to disable padding extension.

Add TLS padding extension to SSL_OP_ALL so it is used with other "bugs" options and can be turned off. This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient option referring to SSLv2 and SSLREF. PR#3336
author: Dr. Stephen Henson <steve@openssl.org> 2014-06-01 16:36:24 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2014-06-01 16:50:37 +0100
commit: aaed77c55ecf82594bf3b44b1bcad66c42611777 (patch)
tree: fc9af3ae134003eb397bbfa78ac38d5a22daa18f /doc
parent: 49270d0431809e3a633ee865d73f0d7af89f9302 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index fded0601b5..d8866927a2 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -112,6 +112,12 @@ vulnerability affecting CBC ciphers, which cannot be handled by some
 broken SSL implementations.  This option has no effect for connections
 using other ciphers.
 
+=item SSL_OP_TLSEXT_PADDING
+
+Adds a padding extension to ensure the ClientHello size is never between
+256 and 511 bytes in length. This is needed as a workaround for some
+implementations.
+
 =item SSL_OP_ALL
 
 All of the above bug workarounds.
author	Dr. Stephen Henson <steve@openssl.org>	2014-06-01 16:36:24 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2014-06-01 16:50:37 +0100
commit	aaed77c55ecf82594bf3b44b1bcad66c42611777 (patch)
tree	fc9af3ae134003eb397bbfa78ac38d5a22daa18f /doc
parent	49270d0431809e3a633ee865d73f0d7af89f9302 (diff)