From d949114c8d3ff173058cecbdab080f7f221cb0b1 Mon Sep 17 00:00:00 2001 From: doug Date: Mon, 15 Jun 2015 02:57:05 +0000 Subject: [PATCH] Update SSL_OP_* to remove ancient hacks that are no longer enabled. --- lib/libssl/doc/SSL_CTX_set_options.3 | 24 +++++++++----------- lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 | 24 +++++++++----------- 2 files changed, 22 insertions(+), 26 deletions(-) diff --git a/lib/libssl/doc/SSL_CTX_set_options.3 b/lib/libssl/doc/SSL_CTX_set_options.3 index 6036dcdb2d6..b940c3d7d07 100644 --- a/lib/libssl/doc/SSL_CTX_set_options.3 +++ b/lib/libssl/doc/SSL_CTX_set_options.3 @@ -1,7 +1,7 @@ .\" -.\" $OpenBSD: SSL_CTX_set_options.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ +.\" $OpenBSD: SSL_CTX_set_options.3,v 1.3 2015/06/15 02:57:05 doug Exp $ .\" -.Dd $Mdocdate: December 2 2014 $ +.Dd $Mdocdate: June 15 2015 $ .Dt SSL_CTX_SET_OPTIONS 3 .Os .Sh NAME @@ -100,21 +100,19 @@ The following options are available: .Bl -tag -width Ds .It Dv SSL_OP_MICROSOFT_SESS_ID_BUG -.Lk www.microsoft.com -\(en when talking SSLv2, if session-id reuse is performed, -the session-id passed back in the server-finished message is different from the -one decided upon. +As of +.Ox 5.8 , +this option has no effect. .It Dv SSL_OP_NETSCAPE_CHALLENGE_BUG -Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte challenge but -then appears to only use 16 bytes when generating the encryption keys. -Using 16 bytes is ok but it should be ok to use 32. -According to the SSLv3 spec, one should use 32 bytes for the challenge when -operating in SSLv2/v3 compatibility mode, but as mentioned above, this breaks -this server so 16 bytes is the way to go. +As of +.Ox 5.8 , +this option has no effect. .It Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. .It Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG -\&... +As of +.Ox 5.8 , +this option has no effect. .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER \&... .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 index 6036dcdb2d6..b940c3d7d07 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 +++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 @@ -1,7 +1,7 @@ .\" -.\" $OpenBSD: SSL_CTX_set_options.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ +.\" $OpenBSD: SSL_CTX_set_options.3,v 1.3 2015/06/15 02:57:05 doug Exp $ .\" -.Dd $Mdocdate: December 2 2014 $ +.Dd $Mdocdate: June 15 2015 $ .Dt SSL_CTX_SET_OPTIONS 3 .Os .Sh NAME @@ -100,21 +100,19 @@ The following options are available: .Bl -tag -width Ds .It Dv SSL_OP_MICROSOFT_SESS_ID_BUG -.Lk www.microsoft.com -\(en when talking SSLv2, if session-id reuse is performed, -the session-id passed back in the server-finished message is different from the -one decided upon. +As of +.Ox 5.8 , +this option has no effect. .It Dv SSL_OP_NETSCAPE_CHALLENGE_BUG -Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte challenge but -then appears to only use 16 bytes when generating the encryption keys. -Using 16 bytes is ok but it should be ok to use 32. -According to the SSLv3 spec, one should use 32 bytes for the challenge when -operating in SSLv2/v3 compatibility mode, but as mentioned above, this breaks -this server so 16 bytes is the way to go. +As of +.Ox 5.8 , +this option has no effect. .It Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect. .It Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG -\&... +As of +.Ox 5.8 , +this option has no effect. .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER \&... .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG -- 2.20.1