diff options
| author | doug <> | 2015-06-15 02:57:05 +0000 |
|---|---|---|
| committer | doug <> | 2015-06-15 02:57:05 +0000 |
| commit | 4f0aff2c6a7e4e9c264f4b339c647a07dc281769 (patch) | |
| tree | 31f99e48c7d50271a5bd610d4f89a051b1797942 /src/lib | |
| parent | 885a73ca83bdc02d64138bdfa717065346335fc9 (diff) | |
| download | openbsd-4f0aff2c6a7e4e9c264f4b339c647a07dc281769.tar.gz openbsd-4f0aff2c6a7e4e9c264f4b339c647a07dc281769.tar.bz2 openbsd-4f0aff2c6a7e4e9c264f4b339c647a07dc281769.zip | |
Update SSL_OP_* to remove ancient hacks that are no longer enabled.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libssl/doc/SSL_CTX_set_options.3 | 24 | ||||
| -rw-r--r-- | src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 | 24 |
2 files changed, 22 insertions, 26 deletions
diff --git a/src/lib/libssl/doc/SSL_CTX_set_options.3 b/src/lib/libssl/doc/SSL_CTX_set_options.3 index 6036dcdb2d..b940c3d7d0 100644 --- a/src/lib/libssl/doc/SSL_CTX_set_options.3 +++ b/src/lib/libssl/doc/SSL_CTX_set_options.3 | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | .\" | 1 | .\" |
| 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.3 2015/06/15 02:57:05 doug Exp $ |
| 3 | .\" | 3 | .\" |
| 4 | .Dd $Mdocdate: December 2 2014 $ | 4 | .Dd $Mdocdate: June 15 2015 $ |
| 5 | .Dt SSL_CTX_SET_OPTIONS 3 | 5 | .Dt SSL_CTX_SET_OPTIONS 3 |
| 6 | .Os | 6 | .Os |
| 7 | .Sh NAME | 7 | .Sh NAME |
| @@ -100,21 +100,19 @@ The following | |||
| 100 | options are available: | 100 | options are available: |
| 101 | .Bl -tag -width Ds | 101 | .Bl -tag -width Ds |
| 102 | .It Dv SSL_OP_MICROSOFT_SESS_ID_BUG | 102 | .It Dv SSL_OP_MICROSOFT_SESS_ID_BUG |
| 103 | .Lk www.microsoft.com | 103 | As of |
| 104 | \(en when talking SSLv2, if session-id reuse is performed, | 104 | .Ox 5.8 , |
| 105 | the session-id passed back in the server-finished message is different from the | 105 | this option has no effect. |
| 106 | one decided upon. | ||
| 107 | .It Dv SSL_OP_NETSCAPE_CHALLENGE_BUG | 106 | .It Dv SSL_OP_NETSCAPE_CHALLENGE_BUG |
| 108 | Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte challenge but | 107 | As of |
| 109 | then appears to only use 16 bytes when generating the encryption keys. | 108 | .Ox 5.8 , |
| 110 | Using 16 bytes is ok but it should be ok to use 32. | 109 | this option has no effect. |
| 111 | According to the SSLv3 spec, one should use 32 bytes for the challenge when | ||
| 112 | operating in SSLv2/v3 compatibility mode, but as mentioned above, this breaks | ||
| 113 | this server so 16 bytes is the way to go. | ||
| 114 | .It Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG | 110 | .It Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG |
| 115 | As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. | 111 | As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. |
| 116 | .It Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG | 112 | .It Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG |
| 117 | \&... | 113 | As of |
| 114 | .Ox 5.8 , | ||
| 115 | this option has no effect. | ||
| 118 | .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | 116 | .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER |
| 119 | \&... | 117 | \&... |
| 120 | .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG | 118 | .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG |
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 index 6036dcdb2d..b940c3d7d0 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | .\" | 1 | .\" |
| 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ | 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.3 2015/06/15 02:57:05 doug Exp $ |
| 3 | .\" | 3 | .\" |
| 4 | .Dd $Mdocdate: December 2 2014 $ | 4 | .Dd $Mdocdate: June 15 2015 $ |
| 5 | .Dt SSL_CTX_SET_OPTIONS 3 | 5 | .Dt SSL_CTX_SET_OPTIONS 3 |
| 6 | .Os | 6 | .Os |
| 7 | .Sh NAME | 7 | .Sh NAME |
| @@ -100,21 +100,19 @@ The following | |||
| 100 | options are available: | 100 | options are available: |
| 101 | .Bl -tag -width Ds | 101 | .Bl -tag -width Ds |
| 102 | .It Dv SSL_OP_MICROSOFT_SESS_ID_BUG | 102 | .It Dv SSL_OP_MICROSOFT_SESS_ID_BUG |
| 103 | .Lk www.microsoft.com | 103 | As of |
| 104 | \(en when talking SSLv2, if session-id reuse is performed, | 104 | .Ox 5.8 , |
| 105 | the session-id passed back in the server-finished message is different from the | 105 | this option has no effect. |
| 106 | one decided upon. | ||
| 107 | .It Dv SSL_OP_NETSCAPE_CHALLENGE_BUG | 106 | .It Dv SSL_OP_NETSCAPE_CHALLENGE_BUG |
| 108 | Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte challenge but | 107 | As of |
| 109 | then appears to only use 16 bytes when generating the encryption keys. | 108 | .Ox 5.8 , |
| 110 | Using 16 bytes is ok but it should be ok to use 32. | 109 | this option has no effect. |
| 111 | According to the SSLv3 spec, one should use 32 bytes for the challenge when | ||
| 112 | operating in SSLv2/v3 compatibility mode, but as mentioned above, this breaks | ||
| 113 | this server so 16 bytes is the way to go. | ||
| 114 | .It Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG | 110 | .It Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG |
| 115 | As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. | 111 | As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. |
| 116 | .It Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG | 112 | .It Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG |
| 117 | \&... | 113 | As of |
| 114 | .Ox 5.8 , | ||
| 115 | this option has no effect. | ||
| 118 | .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | 116 | .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER |
| 119 | \&... | 117 | \&... |
| 120 | .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG | 118 | .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG |