diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2016-10-14 00:26:38 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-10-05 09:29:28 +0200 |
commit | 619c589bdb2fc52e4f180db548222e2b7ab169d8 (patch) | |
tree | 5a1b866a98cb0924c930e8f1840769a7f1506da5 /doc | |
parent | 6717d1cf7db731e1087d84aa5195c3d0e71c4d30 (diff) |
Add SSL_OP_NO_ENCRYPT_THEN_MAC
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit cde6145ba19a2fce039cf054a89e49f67c623c59)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/ssl/SSL_CTX_set_options.pod | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 635b470e12..63609f3a31 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -189,6 +189,14 @@ Allow legacy insecure renegotiation between OpenSSL and unpatched servers B<only>: this option is currently set by default. See the B<SECURE RENEGOTIATION> section for more details. +=item SSL_OP_NO_ENCRYPT_THEN_MAC + +Normally clients and servers will transparently attempt to negotiate the +RFC7366 Encrypt-then-MAC option on TLS and DTLS connection. + +If this option is set, Encrypt-then-MAC is disabled. Clients will not +propose, and servers will not accept the extension. + =back =head1 SECURE RENEGOTIATION |