From: guenther Date: Sat, 19 Apr 2014 10:51:37 +0000 (+0000) Subject: Add SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=7db6eb700494b0312bfd7f24d1837ea356623ef3;p=openbsd Add SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 Document that SSL_OP_NO_SSLv2 is a no-op now --- diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod index d9322825514..43f5514cc14 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod +++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod @@ -190,7 +190,8 @@ browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta =item SSL_OP_NO_SSLv2 -Do not use the SSLv2 protocol. +As of OpenBSD 5.6, this option has no effect as SSLv2 support has been removed. +In previous versions it disabled use of the SSLv2 protocol. =item SSL_OP_NO_SSLv3 @@ -198,7 +199,15 @@ Do not use the SSLv3 protocol. =item SSL_OP_NO_TLSv1 -Do not use the TLSv1 protocol. +Do not use the TLSv1.0 protocol. + +=item SSL_OP_NO_TLSv1_1 + +Do not use the TLSv1.1 protocol. + +=item SSL_OP_NO_TLSv1_2 + +Do not use the TLSv1.2 protocol. =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION @@ -335,7 +344,7 @@ B, B and the function SSL_get_secure_renegotiation_support() were first added in OpenSSL 0.9.8m. -B was changed to have no effect -in OpenBSD 5.6. +B and B +were changed to have no effect in OpenBSD 5.6. =cut