From aaed77c55ecf82594bf3b44b1bcad66c42611777 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 1 Jun 2014 16:36:24 +0100 Subject: Option to disable padding extension. Add TLS padding extension to SSL_OP_ALL so it is used with other "bugs" options and can be turned off. This replaces SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG which is an ancient option referring to SSLv2 and SSLREF. PR#3336 --- ssl/ssl.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'ssl/ssl.h') diff --git a/ssl/ssl.h b/ssl/ssl.h index 7219a0e64b..4c1242c9d2 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -553,7 +553,7 @@ struct ssl_session_st /* Allow initial connection to servers that don't support RI */ #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L -#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L +#define SSL_OP_TLSEXT_PADDING 0x00000010L #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L @@ -562,6 +562,8 @@ struct ssl_session_st /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +/* Refers to ancient SSLREF and SSLv2, retained for compatibility */ +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added * in OpenSSL 0.9.6d. Usually (depending on the application protocol) -- cgit v1.2.3