diff options
author | Bodo Moeller <bodo@openssl.org> | 2014-10-15 11:15:58 +0200 |
---|---|---|
committer | Bodo Moeller <bodo@openssl.org> | 2014-10-15 11:15:58 +0200 |
commit | 3f4d81e88b6f3cce83eae0448cc6542e3e251854 (patch) | |
tree | d66f9e7c2b5b2a27d3a4e35b130c824d28dd3186 /doc | |
parent | dc5dfe431cffbc1fa8eeead0853bd03395e52e71 (diff) |
Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv
handling out of #ifndef OPENSSL_NO_DTLS1 section.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/apps/s_client.pod | 10 | ||||
-rw-r--r-- | doc/ssl/SSL_CTX_set_mode.pod | 6 |
2 files changed, 13 insertions, 3 deletions
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 96307a9dfe..5736e28cbb 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -50,6 +50,7 @@ B<openssl> B<s_client> [B<-no_ssl2>] [B<-no_ssl3>] [B<-no_tls1>] +[B<-fallback_scsv>] [B<-bugs>] [B<-cipher cipherlist>] [B<-starttls protocol>] @@ -198,10 +199,13 @@ these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. -Unfortunately there are a lot of ancient and broken servers in use which +Unfortunately there are still ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only -work if TLS is turned off with the B<-no_tls> option others will only -support SSL v2 and may need the B<-ssl2> option. +work if TLS is turned off. + +=item B<-fallback_scsv> + +Send TLS_FALLBACK_SCSV in the ClientHello. =item B<-bugs> diff --git a/doc/ssl/SSL_CTX_set_mode.pod b/doc/ssl/SSL_CTX_set_mode.pod index 9822544e5e..0ee23433ba 100644 --- a/doc/ssl/SSL_CTX_set_mode.pod +++ b/doc/ssl/SSL_CTX_set_mode.pod @@ -61,6 +61,12 @@ deal with read/write operations returning without success report. The flag SSL_MODE_AUTO_RETRY will cause read/write operations to only return after the handshake and successful completion. +=item SSL_MODE_FALLBACK_SCSV + +Send TLS_FALLBACK_SCSV in the ClientHello. +To be set by applications that reconnect with a downgraded protocol +version; see draft-ietf-tls-downgrade-scsv-00 for details. + =back =head1 RETURN VALUES |