diff options
Diffstat (limited to 'src/lib/libssl/ssl.h')
| -rw-r--r-- | src/lib/libssl/ssl.h | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 6331601a4c..1276b2ff47 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -546,14 +546,16 @@ struct ssl_session_st { | |||
| 546 | 546 | ||
| 547 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added | 547 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added |
| 548 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) | 548 | * in OpenSSL 0.9.6d. Usually (depending on the application protocol) |
| 549 | * the workaround is not needed. Unfortunately some broken SSL/TLS | 549 | * the workaround is not needed. |
| 550 | * implementations cannot handle it at all, which is why we include | 550 | * Unfortunately some broken SSL/TLS implementations cannot handle it |
| 551 | * it in SSL_OP_ALL. */ | 551 | * at all, which is why it was previously included in SSL_OP_ALL. |
| 552 | * Now it's not. | ||
| 553 | */ | ||
| 552 | #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ | 554 | #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */ |
| 553 | 555 | ||
| 554 | /* SSL_OP_ALL: various bug workarounds that should be rather harmless. | 556 | /* SSL_OP_ALL: various bug workarounds that should be rather harmless. |
| 555 | * This used to be 0x000FFFFFL before 0.9.7. */ | 557 | * This used to be 0x000FFFFFL before 0.9.7. */ |
| 556 | #define SSL_OP_ALL 0x80000BFFL | 558 | #define SSL_OP_ALL 0x800004FFL |
| 557 | 559 | ||
| 558 | /* DTLS options */ | 560 | /* DTLS options */ |
| 559 | #define SSL_OP_NO_QUERY_MTU 0x00001000L | 561 | #define SSL_OP_NO_QUERY_MTU 0x00001000L |