diff options
author | David Woodhouse <David.Woodhouse@intel.com> | 2016-10-14 00:26:38 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-10-17 23:17:39 +0100 |
commit | cde6145ba19a2fce039cf054a89e49f67c623c59 (patch) | |
tree | cc60b106c093537f46184a64708050622286d28b /doc/ssl | |
parent | e23d5071ec4c7aa6bb2b0f2c3e0fc2182ed7e63f (diff) | |
download | openssl-cde6145ba19a2fce039cf054a89e49f67c623c59.tar.gz |
Add SSL_OP_NO_ENCRYPT_THEN_MAC
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'doc/ssl')
-rw-r--r-- | doc/ssl/SSL_CTX_set_options.pod | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 635b470e12..63609f3a31 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -189,6 +189,14 @@ Allow legacy insecure renegotiation between OpenSSL and unpatched servers B<only>: this option is currently set by default. See the B<SECURE RENEGOTIATION> section for more details. +=item SSL_OP_NO_ENCRYPT_THEN_MAC + +Normally clients and servers will transparently attempt to negotiate the +RFC7366 Encrypt-then-MAC option on TLS and DTLS connection. + +If this option is set, Encrypt-then-MAC is disabled. Clients will not +propose, and servers will not accept the extension. + =back =head1 SECURE RENEGOTIATION |