[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Fri Feb 2 10:06:37 UTC 2018


The branch master has been updated
       via  22da44fce9ca198d9115e2852e6f9a0183e56886 (commit)
      from  03cb2cc9e53f7ca7539069a388d2767fffa7cf66 (commit)


- Log -----------------------------------------------------------------
commit 22da44fce9ca198d9115e2852e6f9a0183e56886
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Feb 1 17:40:17 2018 +0000

    Document SSL_OP_ENABLE_MIDDLEBOX_COMPAT
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5237)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/SSL_CTX_set_options.pod | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod
index ba9a95f..0d51077 100644
--- a/doc/man3/SSL_CTX_set_options.pod
+++ b/doc/man3/SSL_CTX_set_options.pod
@@ -189,6 +189,15 @@ those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere
 in the server cipher list; but still allows other clients to use AES and other
 ciphers. Requires B<SSL_OP_CIPHER_SERVER_PREFERENCE>.
 
+=item SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+
+If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This
+has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that
+do not understand TLSv1.3 will not drop the connection. Regardless of whether
+this option is set or not CCS messages received from the peer will always be
+ignored in TLSv1.3. This option is set by default. To switch it off use
+SSL_clear_options(). A future version of OpenSSL may not set this by default.
+
 =back
 
 The following options no longer have any effect but their identifiers are
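Review bot: In the added SSL_OP_ENABLE_MIDDLEBOX_COMPAT item, the sentence "To switch it off use SSL_clear_options()" names only the per-connection call, although this page is SSL_CTX_set_options.pod and documents the context-level options as well. Naming SSL_CTX_clear_options() alongside it would tell readers how to turn the default off for every connection created from a context. Since the last sentence warns that a future version may not set this by default, it would also help to say that applications relying on the behaviour should set the option explicitly rather than depend on the default. Minor: a comma after "set or not" would make that sentence easier to parse, and the item does not say whether the option applies to clients, servers or both.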

