22 lines
1.2 KiB
Diff
22 lines
1.2 KiB
Diff
diff -up openssl-0.9.8m/ssl/ssl.h.cipher-change openssl-0.9.8m/ssl/ssl.h
|
|
--- openssl-0.9.8m/ssl/ssl.h.cipher-change 2010-03-22 17:55:54.000000000 +0100
|
|
+++ openssl-0.9.8m/ssl/ssl.h 2010-03-22 17:57:38.000000000 +0100
|
|
@@ -487,7 +487,7 @@ typedef struct ssl_session_st
|
|
#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
|
|
/* Allow initial connection to servers that don't support RI */
|
|
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
|
|
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
|
|
+#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L /* can break some security expectations */
|
|
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
|
|
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
|
|
#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
|
|
@@ -504,7 +504,7 @@ typedef struct ssl_session_st
|
|
|
|
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
|
|
* This used to be 0x000FFFFFL before 0.9.7. */
|
|
-#define SSL_OP_ALL 0x00000FFFL
|
|
+#define SSL_OP_ALL 0x00000FF7L /* without SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG */
|
|
|
|
/* DTLS options */
|
|
#define SSL_OP_NO_QUERY_MTU 0x00001000L
|