diff options
Diffstat (limited to '')
-rw-r--r-- | src/lib/libssl/ssl3.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index baaa89e717..9c2c41287a 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h | |||
@@ -379,6 +379,17 @@ typedef struct ssl3_buffer_st | |||
379 | #define SSL3_FLAGS_POP_BUFFER 0x0004 | 379 | #define SSL3_FLAGS_POP_BUFFER 0x0004 |
380 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 | 380 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 |
381 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 | 381 | #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 |
382 | |||
383 | /* SSL3_FLAGS_SGC_RESTART_DONE is set when we | ||
384 | * restart a handshake because of MS SGC and so prevents us | ||
385 | * from restarting the handshake in a loop. It's reset on a | ||
386 | * renegotiation, so effectively limits the client to one restart | ||
387 | * per negotiation. This limits the possibility of a DDoS | ||
388 | * attack where the client handshakes in a loop using SGC to | ||
389 | * restart. Servers which permit renegotiation can still be | ||
390 | * effected, but we can't prevent that. | ||
391 | */ | ||
392 | #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 | ||
382 | 393 | ||
383 | typedef struct ssl3_state_st | 394 | typedef struct ssl3_state_st |
384 | { | 395 | { |