openbsd/src/lib/libssl/doc, branch OPENBSD_5_8

openbsd/src/lib/libssl/doc, branch OPENBSD_5_8_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_5_8_BASE 2015-08-02T21:54:22+00:00 This commit was manufactured by cvs2git to create tag 'OPENBSD_5_8_BASE'. 2015-08-02T21:54:22+00:00 cvs2svn admin@example.com 2015-08-02T21:54:22+00:00 urn:sha1:92262c9818409ff436c41f1e51c2cea5b227f152 an TLS -> a TLS; from thanos tsouanas 2015-07-24T15:25:08+00:00 jmc 2015-07-24T15:25:08+00:00 urn:sha1:3a123d7b7fd9497703efd6aa45f42efaacfc4e15 Remove SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER workaround. 2015-07-18T19:41:54+00:00 doug 2015-07-18T19:41:54+00:00 urn:sha1:3100abf8a83f9dc563a4c846c2609eb7f3f4e185 This was a hack to work around problems on IE 6 with SSLv3. ok miod@ bcook@ Remove support for the SSL_OP_TLS_D5_BUG compat hack from SSLeay. 2015-07-18T01:42:26+00:00 doug 2015-07-18T01:42:26+00:00 urn:sha1:669db20d789c5e90bdf7957c8b9049cfb5a246f6 This is a 17 year old workaround from SSLeay 0.9.0b. It was for clients that send RSA client key exchange in TLS using SSLv3 format (no length prefix). ok jsing@ Remove compat hack that disabled ECDHE-ECDSA on OS X. 2015-07-17T15:50:37+00:00 doug 2015-07-17T15:50:37+00:00 urn:sha1:5cba53e692be72d0915031b26de7cdc95c7beea9 For a few old releases, ECDHE-ECDSA was broken on OS X. This option cannot differentiate between working and broken OS X so it disabled ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty releases but these are no longer relevant. Tested on OS X 10.10 by jsing. ok jsing@ Remove workaround for TLS padding bug from SSLeay days. 2015-07-17T07:04:41+00:00 doug 2015-07-17T07:04:41+00:00 urn:sha1:72d01d7d13377f8533acd81c582f9c5fedba7439 OpenSSL doesn't remember which clients were impacted and the functionality has been broken in their stable releases for 2 years. Based on OpenSSL commit a8e4ac6a2fe67c19672ecf0c6aeafa15801ce3a5. ok jsing@ Remove Microsoft Server Gated Crypto. 2015-06-18T22:51:05+00:00 doug 2015-06-18T22:51:05+00:00 urn:sha1:dcf41c369c66abeda9455a63d221f867cb78f343 Another relic due to the old US crypto policy. From OpenSSL commit 63eab8a620944a990ab3985620966ccd9f48d681 and 95275599399e277e71d064790a1f828a99fc661a. ok jsing@ miod@ Remove ancient SSL_OP_NETSCAPE_CA_DN_BUG from SSLeay days. 2015-06-15T05:32:58+00:00 doug 2015-06-15T05:32:58+00:00 urn:sha1:d95277cd2ce585f3b393ef8e10e3032d4fc20b26 This commit matches the OpenSSL removal in commit 3c33c6f6b10864355553961e638514a6d1bb00f6. ok deraadt@ Remove ancient compat hack SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG. 2015-06-15T05:16:56+00:00 doug 2015-06-15T05:16:56+00:00 urn:sha1:9ba655e8de0108108cb3cf297a427fb5944fcc43 This was imported into OpenSSL from SSLeay. It was recently deleted in OpenSSL commit 7a4dadc3a6a487db92619622b820eb4f7be512c9 Remove 1997's compat hack SSL_OP_SSLEAY_080_CLIENT_DH_BUG. 2015-06-15T03:32:59+00:00 doug 2015-06-15T03:32:59+00:00 urn:sha1:de295321df5cb842ba692cfe761ab4ce67919071 This is a hack for an old version of SSLeay which predates OpenSSL.