Commit 2a303a58 authored by Bodo Moeller

Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation.



Reviewed-by: Rich Salz <rsalz@openssl.org>
parent 8d81dfd0
+6 −2
@@ -71,12 +71,16 @@ SSL_CTX->freelist_max_len, which defaults to 32. Using this flag can
save around 34k per idle SSL connection.
This flag has no effect on SSL v2 connections, or on DTLS connections.

=item SSL_MODE_FALLBACK_SCSV
=item SSL_MODE_SEND_FALLBACK_SCSV

Send TLS_FALLBACK_SCSV in the ClientHello.
To be set by applications that reconnect with a downgraded protocol
To be set only by applications that reconnect with a downgraded protocol
version; see draft-ietf-tls-downgrade-scsv-00 for details.

DO NOT ENABLE THIS if your application attempts a normal handshake.
Only use this in explicit fallback retries, following the guidance
in draft-ietf-tls-downgrade-scsv-00.

=back

=head1 RETURN VALUES
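
Review bot: The "DO NOT ENABLE THIS" paragraph under =item SSL_MODE_SEND_FALLBACK_SCSV says what not to do but not what goes wrong if the mode is set on a normal, first-attempt handshake; one sentence stating the consequence would help readers who will not open the draft. The two adjacent paragraphs also both cite draft-ietf-tls-downgrade-scsv-00, so they could be merged into one paragraph with a single reference.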
+7 −2
@@ -606,8 +606,13 @@ typedef struct ssl_session_st
 * or just freed (depending on the context's setting for freelist_max_len). */
#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
/* Send TLS_FALLBACK_SCSV in the ClientHello.
 * To be set by applications that reconnect with a downgraded protocol
 * version; see draft-ietf-tls-downgrade-scsv-00 for details. */
 * To be set only by applications that reconnect with a downgraded protocol
 * version; see draft-ietf-tls-downgrade-scsv-00 for details.
 *
 * DO NOT ENABLE THIS if your application attempts a normal handshake.
 * Only use this in explicit fallback retries, following the guidance
 * in draft-ietf-tls-downgrade-scsv-00.
 */
#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L

/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
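
Review bot: The comment above SSL_MODE_SEND_FALLBACK_SCSV does not say where the mode should be set, and the note that follows it states that SSL[_CTX]_set_{options,mode} use |= on the previous value, so a mode set once is not cleared by later set calls. Consider adding that the flag belongs on the individual SSL object used for the explicit fallback retry rather than on a shared SSL_CTX, where it would still be set when the application attempts a normal handshake. The comment text also duplicates the pod paragraph, so both will need updating together when the draft reference changes.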