From 51008ffce12b1bf6077efccc19623d9f811a9a8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bodo=20M=C3=B6ller?=
Date: Wed, 17 Oct 2001 11:56:26 +0000
Subject: document SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
---
 doc/ssl/SSL_CTX_set_options.pod | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
(limited to 'doc')
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index ad300bf798..c10055c6e7 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -106,7 +106,7 @@ All of the above bug workarounds.
 
 =back
 
-It is safe and recommended to use SSL_OP_ALL to enable the bug workaround
+It is safe and recommended to use B to enable the bug workaround
 options.
 
 The following B options are available:
@@ -134,7 +134,7 @@ the DH parameters were not generated using "strong" primes (e.g. when using DSA-parameters, see L). If "strong" primes were used, it is not strictly necessary to generate a new DH key during each handshake but it is also recommended.
-SSL_OP_SINGLE_DH_USE should therefore be enabled whenever
+B should therefore be enabled whenever
 temporary/ephemeral DH parameters are used.
 
 =item SSL_OP_EPHEMERAL_RSA
@@ -187,6 +187,12 @@ Do not use the SSLv3 protocol.
 
 Do not use the TLSv1 protocol.
 
+=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+
+When performing renegotiation as a server, always start a new session
+(i.e., session resumption requests are only accepted in the initial
+handshake). This option is not needed for clients.
+
 =back
 
 =head1 RETURN VALUES
@@ -205,10 +211,12 @@ L
 
 =head1 HISTORY
 
-SSL_OP_CIPHER_SERVER_PREFERENCE has been added in OpenSSL 0.9.7.
+B and
+B have been added in
+OpenSSL 0.9.7.
 
-SSL_OP_TLS_ROLLBACK_BUG has been added in OpenSSL 0.9.6 and was automatically
-enabled with SSL_OP_ALL. As of 0.9.7 it is no longer included in SSL_OP_ALL
+B has been added in OpenSSL 0.9.6 and was automatically
+enabled with B. As of 0.9.7, it is no longer included in B
 and must be explicitly set.
 
 =cut
-- 
cgit v1.2.3