Loading doc/ssl/SSL_CTX_set_mode.pod +10 −0 Original line number Diff line number Diff line Loading @@ -71,6 +71,16 @@ SSL_CTX->freelist_max_len, which defaults to 32. Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections. =item SSL_MODE_SEND_FALLBACK_SCSV Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications that reconnect with a downgraded protocol version; see draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your application attempts a normal handshake. Only use this in explicit fallback retries, following the guidance in draft-ietf-tls-downgrade-scsv-00. =back =head1 RETURN VALUES Loading ssl/ssl.h +7 −2 Original line number Diff line number Diff line Loading @@ -654,8 +654,13 @@ struct ssl_session_st #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L /* Send TLS_FALLBACK_SCSV in the ClientHello. * To be set by applications that reconnect with a downgraded protocol * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ * To be set only by applications that reconnect with a downgraded protocol * version; see draft-ietf-tls-downgrade-scsv-00 for details. * * DO NOT ENABLE THIS if your application attempts a normal handshake. * Only use this in explicit fallback retries, following the guidance * in draft-ietf-tls-downgrade-scsv-00. */ #define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, Loading Loading
doc/ssl/SSL_CTX_set_mode.pod +10 −0 Original line number Diff line number Diff line Loading @@ -71,6 +71,16 @@ SSL_CTX->freelist_max_len, which defaults to 32. Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections. =item SSL_MODE_SEND_FALLBACK_SCSV Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications that reconnect with a downgraded protocol version; see draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your application attempts a normal handshake. Only use this in explicit fallback retries, following the guidance in draft-ietf-tls-downgrade-scsv-00. =back =head1 RETURN VALUES Loading
ssl/ssl.h +7 −2 Original line number Diff line number Diff line Loading @@ -654,8 +654,13 @@ struct ssl_session_st #define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L #define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L /* Send TLS_FALLBACK_SCSV in the ClientHello. * To be set by applications that reconnect with a downgraded protocol * version; see draft-ietf-tls-downgrade-scsv-00 for details. */ * To be set only by applications that reconnect with a downgraded protocol * version; see draft-ietf-tls-downgrade-scsv-00 for details. * * DO NOT ENABLE THIS if your application attempts a normal handshake. * Only use this in explicit fallback retries, following the guidance * in draft-ietf-tls-downgrade-scsv-00. */ #define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, Loading
Rich Salz <rsalz@openssl.org>Rich Salz <rsalz@openssl.org>