Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL and move SSL_OP_NO_TLSv1_1
This commit is contained in:
Dr. Stephen Henson
parent
b5c002d5a8
commit
22c2155595
1 changed files with 4 additions and 3 deletions
|
|
@ -525,7 +525,7 @@ typedef struct ssl_session_st
|
||||||
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
|
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
|
||||||
#define SSL_OP_TLS_D5_BUG 0x00000100L
|
#define SSL_OP_TLS_D5_BUG 0x00000100L
|
||||||
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
|
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
|
||||||
#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00000400L
|
#define SSL_OP_NO_TLSv1_1 0x00000400L
|
||||||
|
|
||||||
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
|
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
|
||||||
* in OpenSSL 0.9.6d. Usually (depending on the application protocol)
|
* in OpenSSL 0.9.6d. Usually (depending on the application protocol)
|
||||||
|
|
@ -536,7 +536,7 @@ typedef struct ssl_session_st
|
||||||
|
|
||||||
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
|
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
|
||||||
* This used to be 0x000FFFFFL before 0.9.7. */
|
* This used to be 0x000FFFFFL before 0.9.7. */
|
||||||
#define SSL_OP_ALL 0x80000FFFL
|
#define SSL_OP_ALL 0x80000BFFL
|
||||||
|
|
||||||
/* DTLS options */
|
/* DTLS options */
|
||||||
#define SSL_OP_NO_QUERY_MTU 0x00001000L
|
#define SSL_OP_NO_QUERY_MTU 0x00001000L
|
||||||
|
|
@ -551,6 +551,8 @@ typedef struct ssl_session_st
|
||||||
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
|
#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
|
||||||
/* Don't use compression even if supported */
|
/* Don't use compression even if supported */
|
||||||
#define SSL_OP_NO_COMPRESSION 0x00020000L
|
#define SSL_OP_NO_COMPRESSION 0x00020000L
|
||||||
|
/* Permit unsafe legacy renegotiation */
|
||||||
|
#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
|
||||||
/* If set, always create a new key when using tmp_ecdh parameters */
|
/* If set, always create a new key when using tmp_ecdh parameters */
|
||||||
#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
|
#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
|
||||||
/* If set, always create a new key when using tmp_dh parameters */
|
/* If set, always create a new key when using tmp_dh parameters */
|
||||||
|
|
@ -570,7 +572,6 @@ typedef struct ssl_session_st
|
||||||
#define SSL_OP_NO_SSLv2 0x01000000L
|
#define SSL_OP_NO_SSLv2 0x01000000L
|
||||||
#define SSL_OP_NO_SSLv3 0x02000000L
|
#define SSL_OP_NO_SSLv3 0x02000000L
|
||||||
#define SSL_OP_NO_TLSv1 0x04000000L
|
#define SSL_OP_NO_TLSv1 0x04000000L
|
||||||
#define SSL_OP_NO_TLSv1_1 0x00040000L
|
|
||||||
|
|
||||||
/* The next flag deliberately changes the ciphertest, this is a check
|
/* The next flag deliberately changes the ciphertest, this is a check
|
||||||
* for the PKCS#1 attack */
|
* for the PKCS#1 attack */
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue