diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl3.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index baaa89e717..9c2c41287a 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h | |||
| @@ -379,6 +379,17 @@ typedef struct ssl3_buffer_st | |||
| 379 | #define SSL3_FLAGS_POP_BUFFER 0x0004 | 379 | #define SSL3_FLAGS_POP_BUFFER 0x0004 |
| 380 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 | 380 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 |
| 381 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 | 381 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 |
| 382 | |||
| 383 | /* SSL3_FLAGS_SGC_RESTART_DONE is set when we | ||
| 384 | * restart a handshake because of MS SGC and so prevents us | ||
| 385 | * from restarting the handshake in a loop. It's reset on a | ||
| 386 | * renegotiation, so effectively limits the client to one restart | ||
| 387 | * per negotiation. This limits the possibility of a DDoS | ||
| 388 | * attack where the client handshakes in a loop using SGC to | ||
| 389 | * restart. Servers which permit renegotiation can still be | ||
| 390 | * effected, but we can't prevent that. | ||
| 391 | */ | ||
| 392 | #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 | ||
| 382 | 393 | ||
| 383 | typedef struct ssl3_state_st | 394 | typedef struct ssl3_state_st |
| 384 | { | 395 | { |