authorLutz Jänicke <jaenicke@openssl.org>2001-08-03 08:45:13 +0000
committerLutz Jänicke <jaenicke@openssl.org>2001-08-03 08:45:13 +0000
commit06da6e49777285f50aeb1b920d950a9bd27fef52 (patch)
tree8d3eb57e387c364ecda0abe54a24acc33e80c1b5 /ssl
parentb72faddc47811846d1cf28f04db2bd38422d9006 (diff)
Don't disable rollback attack detection as a recommended bug workaround.
Diffstat (limited to 'ssl')
-rw-r--r--ssl/ssl.h6
1 files changed, 5 insertions, 1 deletions
diff --git a/ssl/ssl.h b/ssl/ssl.h
index dc80ae9e43..8f5d0a4d47 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -332,7 +332,6 @@ typedef struct ssl_session_st
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
#define SSL_OP_TLS_D5_BUG 0x00000100L
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
-#define SSL_OP_TLS_ROLLBACK_BUG 0x00000400L
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
@@ -341,6 +340,11 @@ typedef struct ssl_session_st
/* Set on servers to choose the cipher according to the server's
* preferences */
#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
+/* If set, a server will allow a client to issue a SSLv3.0 version number
+ * as latest version supported in the premaster secret, even when TLSv1.0
+ * (version 3.1) was announced in the client hello. Normally this is
+ * forbidden to prevent version rollback attacks. */
+#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
/* The next flag deliberately changes the ciphertest, this is a check
* for the PKCS#1 attack */
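Review bot: The new comment on SSL_OP_TLS_ROLLBACK_BUG explains what the flag permits but not why its value moved from 0x00000400L to 0x00800000L, which is the security-relevant part of this change. Presumably the move takes the bit out of the range covered by SSL_OP_ALL; that mask's definition is not in either hunk, so this should be confirmed. I would then state it in the comment, e.g. `/* Deliberately not included in SSL_OP_ALL: setting it disables version rollback detection. */`. It would also help to leave a marker where the first hunk removes the old define, `/* 0x00000400L was SSL_OP_TLS_ROLLBACK_BUG; do not reuse */`. Binaries built against the old header still pass that bit, so a later option assigned to it would be switched on silently.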