[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Mon Feb 5 10:57:32 UTC 2018
The branch master has been updated
via 1c4b15458670aea5d3849d4b57b8c0ce34a54fbe (commit)
from 1f5878b8e25a785dde330bf485e6ed5a6ae09a1a (commit)
- Log -----------------------------------------------------------------
commit 1c4b15458670aea5d3849d4b57b8c0ce34a54fbe
Author: Matt Caswell <matt at openssl.org>
Date: Fri Feb 2 10:17:06 2018 +0000
Add MiddleboxCompat option to SSL_CONF_cmd man page
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5244)
-----------------------------------------------------------------------
Summary of changes:
doc/man3/SSL_CONF_cmd.pod | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index 27317e0..5179e29 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -420,6 +420,12 @@ B<AllowNoDHEKEX>: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on
resumption. This means that there will be no forward secrecy for the resumed
session. Equivalent to B<SSL_OP_ALLOW_NO_DHE_KEX>.
+B<MiddleboxCompat>: If set then dummy Change Cipher Spec (CCS) messages are sent
+in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that
+middleboxes that do not understand TLSv1.3 will not drop the connection. This
+option is set by default. A future version of OpenSSL may not set this by
+default. Equivalent to B<SSL_OP_ENABLE_MIDDLEBOX_COMPAT>.
+
=item B<VerifyMode>
The B<value> argument is a comma separated list of flags to set.
More information about the openssl-commits
mailing list