diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man3/SSL_CONF_cmd.pod | 1 | ||||
| -rw-r--r-- | doc/man3/SSL_CTX_set_options.pod | 19 |
2 files changed, 6 insertions, 14 deletions
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 125164e4c8..8da8f7f060 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -76,7 +76,6 @@ set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Only used by servers. permits or prohibits the use of unsafe legacy renegotiation for OpenSSL clients only. Equivalent to setting or clearing B<SSL_OP_LEGACY_SERVER_CONNECT>. -Set by default. =item B<-prioritize_chacha> diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index 1bc5894127..e84aaac8a8 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -88,8 +88,7 @@ implementations. =item SSL_OP_ALL -All of the above bug workarounds plus B<SSL_OP_LEGACY_SERVER_CONNECT> as -mentioned below. +All of the above bug workarounds. =back @@ -193,8 +192,7 @@ servers. See the B<SECURE RENEGOTIATION> section for more details. =item SSL_OP_LEGACY_SERVER_CONNECT Allow legacy insecure renegotiation between OpenSSL and unpatched servers -B<only>: this option is currently set by default. See the -B<SECURE RENEGOTIATION> section for more details. +B<only>. See the B<SECURE RENEGOTIATION> section for more details. =item SSL_OP_NO_ENCRYPT_THEN_MAC @@ -378,15 +376,10 @@ and renegotiation between patched OpenSSL clients and unpatched servers succeeds. If neither option is set then initial connections to unpatched servers will fail. -The option B<SSL_OP_LEGACY_SERVER_CONNECT> is currently set by default even -though it has security implications: otherwise it would be impossible to -connect to unpatched servers (i.e. all of them initially) and this is clearly -not acceptable. Renegotiation is permitted because this does not add any -additional security issues: during an attack clients do not see any -renegotiations anyway. - -As more servers become patched the option B<SSL_OP_LEGACY_SERVER_CONNECT> will -B<not> be set by default in a future version of OpenSSL. +Setting the option B<SSL_OP_LEGACY_SERVER_CONNECT> has security implications; +clients that are willing to connect to servers that do not implement +RFC 5746 secure renegotiation are subject to attacks such as +CVE-2009-3555. OpenSSL client applications wishing to ensure they can connect to unpatched servers should always B<set> B<SSL_OP_LEGACY_SERVER_CONNECT> |