author: Alessandro Ghedini <alessandro@ghedini.me> 2015-08-01 00:38:10 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2015-08-01 14:22:33 +0200
commit: 21f89efad7014a5ee0debd4cd3d59e27774b29e6
tree: 262f91ee5e1d01da71211c738ae397f84bd1b035 /doc
parent: db9a7d810f9ee4c9cc49731f5fd9bdeae68d7eaa
handshake: add FALLBACK_SCSV priority option
This allows clients to enable the TLS_FALLBACK_SCSV mechanism during the handshake, as defined in RFC7507.
Diffstat (limited to 'doc')
-rw-r--r--  doc/cha-gtls-app.texi  6
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index e6b60618f3..48b3a23221 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1207,6 +1207,12 @@ will enforce safe renegotiation. Clients and
servers will refuse to talk to an insecure peer. Currently this
causes interoperability problems, but is required for full protection.
+@item %FALLBACK_SCSV @tab
+will enable the use of the fallback signaling cipher suite value in the
+client hello. Note that this should be set only by applications that
+try to reconnect with a downgraded protocol version. See RFC7507 for
+details.
+
@item %VERIFY_ALLOW_SIGN_RSA_MD5 @tab
will allow RSA-MD5 signatures in certificate chains.
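Review bot: The note in the new %FALLBACK_SCSV item ("should be set only by applications that try to reconnect with a downgraded protocol version") does not say that the option belongs on the retry handshake only and not on the application's first attempt at its highest version. Suggest making that explicit, for example "set this only in the priority string used for a retry that offers a lower protocol version than the previous attempt". It would also help to add one sentence on how the failure surfaces to the caller: RFC 7507 has a server that supports a higher version answer such a hello with the fatal inappropriate_fallback alert, and readers of this table will want to know that the handshake is expected to fail in that case. Since the text says "in the client hello", consider stating whether the keyword is ignored when the same priority string is applied to a server session.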