Add SSL_OP_NO_ENCRYPT_THEN_MAC

Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (cherry picked from commit cde6145ba19a2fce039cf054a89e49f67c623c59)
author: David Woodhouse <David.Woodhouse@intel.com> 2016-10-14 00:26:38 +0100
committer: Richard Levitte <levitte@openssl.org> 2017-10-05 09:29:28 +0200
commit: 619c589bdb2fc52e4f180db548222e2b7ab169d8 (patch)
tree: 5a1b866a98cb0924c930e8f1840769a7f1506da5 /doc
parent: 6717d1cf7db731e1087d84aa5195c3d0e71c4d30 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index 635b470e12..63609f3a31 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -189,6 +189,14 @@ Allow legacy insecure renegotiation between OpenSSL and unpatched servers
 B<only>: this option is currently set by default. See the
 B<SECURE RENEGOTIATION> section for more details.
 
+=item SSL_OP_NO_ENCRYPT_THEN_MAC
+
+Normally clients and servers will transparently attempt to negotiate the
+RFC7366 Encrypt-then-MAC option on TLS and DTLS connection.
+
+If this option is set, Encrypt-then-MAC is disabled. Clients will not
+propose, and servers will not accept the extension.
+
 =back
 
 =head1 SECURE RENEGOTIATION
author	David Woodhouse <David.Woodhouse@intel.com>	2016-10-14 00:26:38 +0100
committer	Richard Levitte <levitte@openssl.org>	2017-10-05 09:29:28 +0200
commit	619c589bdb2fc52e4f180db548222e2b7ab169d8 (patch)
tree	5a1b866a98cb0924c930e8f1840769a7f1506da5 /doc
parent	6717d1cf7db731e1087d84aa5195c3d0e71c4d30 (diff)