summaryrefslogtreecommitdiff
path: root/src/lib/libssl/ssl3.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/ssl3.h11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index baaa89e717..9c2c41287a 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -379,6 +379,17 @@ typedef struct ssl3_buffer_st
379#define SSL3_FLAGS_POP_BUFFER 0x0004 379#define SSL3_FLAGS_POP_BUFFER 0x0004
380#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 380#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
381#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 381#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
382
383/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
384 * restart a handshake because of MS SGC and so prevents us
385 * from restarting the handshake in a loop. It's reset on a
386 * renegotiation, so effectively limits the client to one restart
387 * per negotiation. This limits the possibility of a DDoS
388 * attack where the client handshakes in a loop using SGC to
389 * restart. Servers which permit renegotiation can still be
390 * effected, but we can't prevent that.
391 */
392#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
382 393
383typedef struct ssl3_state_st 394typedef struct ssl3_state_st
384 { 395 {