On 09.12.2009 19:16, Dr. Stephen Henson wrote:
OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________________________
Server: cvs.openssl.org Name: Dr. Stephen Henson
Root: /v/openssl/cvs Email: st...@openssl.org
Module: openssl Date: 09-Dec-2009 19:16:50
Branch: HEAD Handle: 2009120918165000
Modified files:
openssl/doc/ssl SSL_CTX_set_options.pod
Log:
clarify docs
Summary:
Revision Changes Path
1.17 +10 -9 openssl/doc/ssl/SSL_CTX_set_options.pod
____________________________________________________________________________
patch -p0<<'@@ .'
Index: openssl/doc/ssl/SSL_CTX_set_options.pod
============================================================================
$ cvs diff -u -r1.16 -r1.17 SSL_CTX_set_options.pod
--- openssl/doc/ssl/SSL_CTX_set_options.pod 9 Dec 2009 17:59:29 -0000
1.16
+++ openssl/doc/ssl/SSL_CTX_set_options.pod 9 Dec 2009 18:16:50 -0000
1.17
...
@@ -254,13 +254,14 @@
whether an attack is taking place.
If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then the
-renegotiation between unpatched clients and patched servers is permitted as
-well as initial connections and renegotiation between patched clients and
-unpatched servers. This option should be used with caution because it leaves
-both clients and servers vulnerable. However unpatched servers and clients
are
-likely to be around for some time and simply refusing to connect to
unpatched
-servers may well be considered unacceptable. So applications may be forced
to
-use this option for the immediate future.
+above restrictions are relaxed. Renegotiation is permissible and initial
+initial connections to unpatched servers will succeed.
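Review bot: The removed sentence "This option should be used with caution because it leaves both clients and servers vulnerable" has no counterpart in the added lines shown here, so the new B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> paragraph only says the "above restrictions are relaxed" and no longer states that the option leaves clients and servers vulnerable. Suggest keeping a one-sentence warning directly after "will succeed." The added text also repeats "initial" across the line break ("permissible and initial" / "initial connections"); drop one of them.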
"permissible and initial initial connections"
                 ^^^^^^^^^^^^^^^
See also revision 1.15.2.2 in 1_0_0 and 1.13.2.5 in 0_9_8.
Regards,
Rainer