diff options
-rwxr-xr-x | Configure | 2 | ||||
-rw-r--r-- | INSTALL | 10 |
2 files changed, 12 insertions, 0 deletions
@@ -407,6 +407,7 @@ my @disablables = ( "tests", "threads", "tls", + "tls13downgrade", "ts", "ubsan", "ui", @@ -451,6 +452,7 @@ our %disabled = ( # "what" => "comment" "ubsan" => "default", #TODO(TLS1.3): Temporarily disabled while this is a WIP "tls1_3" => "default", + "tls13downgrade" => "default", "unit-test" => "default", "weak-ssl-ciphers" => "default", "zlib" => "default", @@ -427,6 +427,16 @@ require additional system-dependent options! See "Note on multi-threading" below. + enable-tls13downgrade + TODO(TLS1.3): Make this enabled by default and remove the + option when TLSv1.3 is out of draft + TLSv1.3 offers a downgrade protection mechanism. This is + implemented but disabled by default. It should not typically + be enabled except for testing purposes. Otherwise this could + cause problems if a pre-RFC version of OpenSSL talks to an + RFC implementation (it will erroneously be detected as a + downgrade). + no-ts Don't build Time Stamping Authority support. |