diff options
author | Matt Caswell <matt@openssl.org> | 2018-02-01 17:40:17 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-02-02 10:05:47 +0000 |
commit | 22da44fce9ca198d9115e2852e6f9a0183e56886 (patch) | |
tree | 77486c9af953a7149f77286e7305e89fe0fd3666 /doc | |
parent | 03cb2cc9e53f7ca7539069a388d2767fffa7cf66 (diff) |
Document SSL_OP_ENABLE_MIDDLEBOX_COMPAT
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5237)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/SSL_CTX_set_options.pod | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index ba9a95f3a7..0d510773cd 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -189,6 +189,15 @@ those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere in the server cipher list; but still allows other clients to use AES and other ciphers. Requires B<SSL_OP_CIPHER_SERVER_PREFERENCE>. +=item SSL_OP_ENABLE_MIDDLEBOX_COMPAT + +If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This +has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that +do not understand TLSv1.3 will not drop the connection. Regardless of whether +this option is set or not CCS messages received from the peer will always be +ignored in TLSv1.3. This option is set by default. To switch it off use +SSL_clear_options(). A future version of OpenSSL may not set this by default. + =back The following options no longer have any effect but their identifiers are |