Add SSL_OP_NO_ENCRYPT_THEN_MAC

Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
author: David Woodhouse <David.Woodhouse@intel.com> 2016-10-14 00:26:38 +0100
committer: Matt Caswell <matt@openssl.org> 2016-10-17 23:17:39 +0100
commit: cde6145ba19a2fce039cf054a89e49f67c623c59 (patch)
tree: cc60b106c093537f46184a64708050622286d28b /doc/ssl
parent: e23d5071ec4c7aa6bb2b0f2c3e0fc2182ed7e63f (diff)
download: openssl-cde6145ba19a2fce039cf054a89e49f67c623c59.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
index 635b470e12..63609f3a31 100644
--- a/doc/ssl/SSL_CTX_set_options.pod
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -189,6 +189,14 @@ Allow legacy insecure renegotiation between OpenSSL and unpatched servers
 B<only>: this option is currently set by default. See the
 B<SECURE RENEGOTIATION> section for more details.
 
+=item SSL_OP_NO_ENCRYPT_THEN_MAC
+
+Normally clients and servers will transparently attempt to negotiate the
+RFC7366 Encrypt-then-MAC option on TLS and DTLS connection.
+
+If this option is set, Encrypt-then-MAC is disabled. Clients will not
+propose, and servers will not accept the extension.
+
 =back
 
 =head1 SECURE RENEGOTIATION
author	David Woodhouse <David.Woodhouse@intel.com>	2016-10-14 00:26:38 +0100
committer	Matt Caswell <matt@openssl.org>	2016-10-17 23:17:39 +0100
commit	cde6145ba19a2fce039cf054a89e49f67c623c59 (patch)
tree	cc60b106c093537f46184a64708050622286d28b /doc/ssl
parent	e23d5071ec4c7aa6bb2b0f2c3e0fc2182ed7e63f (diff)
download	openssl-cde6145ba19a2fce039cf054a89e49f67c623c59.tar.gz