diff options
| author | schwarze <> | 2018-04-11 18:05:49 +0000 |
|---|---|---|
| committer | schwarze <> | 2018-04-11 18:05:49 +0000 |
| commit | 7eaeb0d1b3ae143b8adb8634c48219a657764be9 (patch) | |
| tree | ad67952cb67aa144e6e2888de790e8a867a08d09 /src | |
| parent | 4d132fdc372189fa2be2978dc75a3654032aaec6 (diff) | |
| download | openbsd-7eaeb0d1b3ae143b8adb8634c48219a657764be9.tar.gz openbsd-7eaeb0d1b3ae143b8adb8634c48219a657764be9.tar.bz2 openbsd-7eaeb0d1b3ae143b8adb8634c48219a657764be9.zip | |
In ssl.h rev. 1.155 2018/04/11 17:47:36, jsing@ changed
SSL_OP_TLS_ROLLBACK_BUG to no longer have any effect.
Update the manual page.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/man/SSL_CTX_set_options.3 | 16 |
1 files changed, 3 insertions, 13 deletions
diff --git a/src/lib/libssl/man/SSL_CTX_set_options.3 b/src/lib/libssl/man/SSL_CTX_set_options.3 index 090a767874..4535eee573 100644 --- a/src/lib/libssl/man/SSL_CTX_set_options.3 +++ b/src/lib/libssl/man/SSL_CTX_set_options.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.11 2018/03/24 00:55:37 schwarze Exp $ | 1 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.12 2018/04/11 18:05:49 schwarze Exp $ |
| 2 | .\" full merge up to: OpenSSL 7946ab33 Dec 6 17:56:41 2015 +0100 | 2 | .\" full merge up to: OpenSSL 7946ab33 Dec 6 17:56:41 2015 +0100 |
| 3 | .\" selective merge up to: OpenSSL edb79c3a Mar 29 10:07:14 2017 +1000 | 3 | .\" selective merge up to: OpenSSL edb79c3a Mar 29 10:07:14 2017 +1000 |
| 4 | .\" | 4 | .\" |
| @@ -52,7 +52,7 @@ | |||
| 52 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | 52 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 53 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. | 53 | .\" OF THE POSSIBILITY OF SUCH DAMAGE. |
| 54 | .\" | 54 | .\" |
| 55 | .Dd $Mdocdate: March 24 2018 $ | 55 | .Dd $Mdocdate: April 11 2018 $ |
| 56 | .Dt SSL_CTX_SET_OPTIONS 3 | 56 | .Dt SSL_CTX_SET_OPTIONS 3 |
| 57 | .Os | 57 | .Os |
| 58 | .Sh NAME | 58 | .Sh NAME |
| @@ -209,17 +209,6 @@ Do not use the TLSv1.2 protocol. | |||
| 209 | Deprecated; use | 209 | Deprecated; use |
| 210 | .Xr SSL_CTX_set_max_proto_version 3 | 210 | .Xr SSL_CTX_set_max_proto_version 3 |
| 211 | instead. | 211 | instead. |
| 212 | .It Dv SSL_OP_TLS_ROLLBACK_BUG | ||
| 213 | Disable version rollback attack detection. | ||
| 214 | .Pp | ||
| 215 | During the client key exchange, the client must send the same information | ||
| 216 | about acceptable SSL/TLS protocol levels as during the first hello. | ||
| 217 | Some clients violate this rule by adapting to the server's answer. | ||
| 218 | (Example: the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, | ||
| 219 | the server only understands up to SSLv3. | ||
| 220 | In this case the client must still use the same SSLv3.1=TLSv1 announcement. | ||
| 221 | Some clients step down to SSLv3 with respect to the server's answer and violate | ||
| 222 | the version rollback protection.) | ||
| 223 | .El | 212 | .El |
| 224 | .Pp | 213 | .Pp |
| 225 | The following options used to be supported at some point in the past | 214 | The following options used to be supported at some point in the past |
| @@ -244,6 +233,7 @@ and no longer have any effect: | |||
| 244 | .Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG , | 233 | .Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG , |
| 245 | .Dv SSL_OP_TLS_BLOCK_PADDING_BUG , | 234 | .Dv SSL_OP_TLS_BLOCK_PADDING_BUG , |
| 246 | .Dv SSL_OP_TLS_D5_BUG , | 235 | .Dv SSL_OP_TLS_D5_BUG , |
| 236 | .Dv SSL_OP_TLS_ROLLBACK_BUG , | ||
| 247 | .Dv SSL_OP_TLSEXT_PADDING . | 237 | .Dv SSL_OP_TLSEXT_PADDING . |
| 248 | .Sh SECURE RENEGOTIATION | 238 | .Sh SECURE RENEGOTIATION |
| 249 | OpenSSL 0.9.8m and later always attempts to use secure renegotiation as | 239 | OpenSSL 0.9.8m and later always attempts to use secure renegotiation as |