author | Todd Short <tshort@akamai.com> | 2017-05-10 16:46:14 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-06-06 22:39:41 +0100 |
commit | db0f35dda18403accabe98e7780f3dfc516f49de (patch) | |
tree | 68a7b32f8f99c5624e2d0bb1089f6bf34047f01f /doc | |
parent | 270d65fa34caa974fb27c9b161b0c9b6cd806c76 (diff) | |
download | openssl-db0f35dda18403accabe98e7780f3dfc516f49de.tar.gz |
Fix #2400 Add NO_RENEGOTIATE option
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3432)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/SSL_CONF_cmd.pod | 10 |
-rw-r--r-- | doc/man3/SSL_CTX_set_options.pod | 5 |
2 files changed, 15 insertions, 0 deletions
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 18cc88f59b..7b751fdef3 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -125,6 +125,11 @@ Attempts to pad TLS 1.3 records so that they are a multiple of B<value> in length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the B<value> must be >1 or <=16384. +=item B<-no_renegotiation> + +Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +B<SSL_OP_NO_RENEGOTIATION>. + =item B<-min_protocol>, B<-max_protocol> Sets the minimum and maximum supported protocol. @@ -257,6 +262,11 @@ Attempts to pad TLS 1.3 records so that they are a multiple of B<value> in length on send. A B<value> of 0 or 1 turns off padding. Otherwise, the B<value> must be >1 or <=16384. +=item B<NoRenegotiation> + +Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting +B<SSL_OP_NO_RENEGOTIATION>. + =item B<SignatureAlgorithms> This sets the supported signature algorithms for TLS v1.2. For clients this diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index d12a0399c0..5155a1f679 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -170,6 +170,11 @@ RFC7366 Encrypt-then-MAC option on TLS and DTLS connection. If this option is set, Encrypt-then-MAC is disabled. Clients will not propose, and servers will not accept the extension. +=item SSL_OP_NO_RENEGOTIATION + +Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest +messages, and ignore renegotiation requests via ClientHello. + =back The following options no longer have any effect but their identifiers are |
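Review bot: In the first SSL_CONF_cmd.pod hunk (@@ -125), the new B<-no_renegotiation> entry names B<SSL_OP_NO_RENEGOTIATION> but gives the reader no way to reach its description. Please add a cross-reference such as L<SSL_CTX_set_options(3)> so the HelloRequest and ClientHello behaviour documented there can be found from here. The entry also writes "TLSv1.2" while the context line just above it writes "TLS 1.3" and a later context line writes "TLS v1.2"; pick the spelling the rest of the page uses.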
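Review bot: In the second SSL_CONF_cmd.pod hunk (@@ -257), the B<NoRenegotiation> entry does not say what value, if any, the configuration-file command takes. The entry before it documents its B<value> and the one after it describes its argument, so a reader cannot tell from this text how to write the setting in a config file. Please state the accepted form explicitly. The description is also a verbatim copy of the B<-no_renegotiation> text; referring to that entry would avoid the two drifting apart.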
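Review bot: In the SSL_CTX_set_options.pod hunk (@@ -170), "ignore renegotiation requests via ClientHello" leaves the observable behaviour undefined for anyone relying on this as a hardening option. Please say whether the connection stays open and whether the peer receives an alert, since that determines what an application and its logs will see when a client attempts renegotiation. The text also only covers the server side (not sending HelloRequest, ignoring ClientHello); it should state what a client with this option set does when it receives a HelloRequest, and what an application-initiated renegotiation call returns once the option is set.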