Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL

author: Dr. Stephen Henson <steve@openssl.org> 2009-12-11 00:20:58 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2009-12-11 00:20:58 +0000
commit: f1784f2fd2dbeed30fddaef3ec70f425a51e5063 (patch)
tree: 8ffc6e2d1a1e90144a21a9acb758940122e93f6d /ssl/ssl.h
parent: 730f5752ff620132762b3b2a33822ee94222fdfd (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 2f6dd3c555..ffeff09a00 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -524,7 +524,6 @@ typedef struct ssl_session_st
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
 #define SSL_OP_TLS_D5_BUG				0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
-#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION	0x00000400L
 
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
@@ -550,6 +549,8 @@ typedef struct ssl_session_st
 #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
 /* Don't use compression even if supported */
 #define SSL_OP_NO_COMPRESSION				0x00020000L
+/* Permit unsafe legacy renegotiation */
+#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION	0x00040000L
 /* If set, always create a new key when using tmp_ecdh parameters */
 #define SSL_OP_SINGLE_ECDH_USE				0x00080000L
 /* If set, always create a new key when using tmp_dh parameters */
author	Dr. Stephen Henson <steve@openssl.org>	2009-12-11 00:20:58 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2009-12-11 00:20:58 +0000
commit	f1784f2fd2dbeed30fddaef3ec70f425a51e5063 (patch)
tree	8ffc6e2d1a1e90144a21a9acb758940122e93f6d /ssl/ssl.h
parent	730f5752ff620132762b3b2a33822ee94222fdfd (diff)