author | Bodo Moeller <bodo@openssl.org> | 2014-10-21 22:41:07 +0200 |
---|---|---|
committer | Bodo Moeller <bodo@openssl.org> | 2014-10-21 22:41:07 +0200 |
commit | 2a303a583469f480938459cb5da2ba45f5b59ed2 (patch) | |
tree | db41707e669aaa53c4545a9d31e6b50b37e6181e /doc | |
parent | 8d81dfd0a60da2914166ac275a67774646d8881e (diff) |
Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/ssl/SSL_CTX_set_mode.pod | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/doc/ssl/SSL_CTX_set_mode.pod b/doc/ssl/SSL_CTX_set_mode.pod index 0bcf5d2afc..2a5aaa555e 100644 --- a/doc/ssl/SSL_CTX_set_mode.pod +++ b/doc/ssl/SSL_CTX_set_mode.pod @@ -71,12 +71,16 @@ SSL_CTX->freelist_max_len, which defaults to 32. Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections. -=item SSL_MODE_FALLBACK_SCSV +=item SSL_MODE_SEND_FALLBACK_SCSV Send TLS_FALLBACK_SCSV in the ClientHello. -To be set by applications that reconnect with a downgraded protocol +To be set only by applications that reconnect with a downgraded protocol version; see draft-ietf-tls-downgrade-scsv-00 for details. +DO NOT ENABLE THIS if your application attempts a normal handshake. +Only use this in explicit fallback retries, following the guidance +in draft-ietf-tls-downgrade-scsv-00. + =back =head1 RETURN VALUES |
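Review bot: the added "DO NOT ENABLE THIS" paragraph under =item SSL_MODE_SEND_FALLBACK_SCSV does not say what goes wrong when the flag is set on a normal handshake, and it does not warn that setting the mode on the SSL_CTX (the function this page, SSL_CTX_set_mode.pod, is named for) applies it to every connection created from that context. Suggest a sentence telling callers to set the flag with SSL_set_mode on the individual retry connection, plus a short statement of the failure they would see if it were set on a first attempt. The new paragraph and the one before it both end by pointing at draft-ietf-tls-downgrade-scsv-00; a single reference would read more cleanly.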