author | Alessandro Ghedini <alessandro@ghedini.me> | 2015-08-01 00:38:10 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-08-01 12:21:14 +0000 |
commit | 11b219cc94d7f27dabe7ef3414ed28add1d1075a (patch) | |
tree | fb91762c537a327dcd40ca2e59dce72311a97f99 /doc | |
parent | f1ae513170eb526e98543bfe0182ead5cdd0a975 (diff) | |
download | gnutls-11b219cc94d7f27dabe7ef3414ed28add1d1075a.tar.gz |
handshake: add FALLBACK_SCSV priority option
This allows clients to enable the TLS_FALLBACK_SCSV mechanism during
the handshake, as defined in RFC7507.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/cha-gtls-app.texi | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index e6b60618f3..48b3a23221 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1207,6 +1207,12 @@ will enforce safe renegotiation. Clients and servers will refuse to talk to an insecure peer. Currently this causes interoperability problems, but is required for full protection. +@item %FALLBACK_SCSV @tab +will enable the use of the fallback signaling cipher suite value in the +client hello. Note that this should be set only by applications that +try to reconnect with a downgraded protocol version. See RFC7507 for +details. + @item %VERIFY_ALLOW_SIGN_RSA_MD5 @tab will allow RSA-MD5 signatures in certificate chains. |
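Review bot: the new `@item %FALLBACK_SCSV` entry says when to set the keyword but not what the application will observe once it is set. Per RFC 7507, a server that supports a higher protocol version than the one offered in the client hello aborts the handshake with an inappropriate_fallback alert, so the entry should say that a failed handshake is the expected outcome in that case and that the application must not retry with a still lower version. The phrase "applications that try to reconnect with a downgraded protocol version" can also be read as covering every session such an application opens; suggest wording that makes clear the keyword belongs only in the priority string of the downgraded retry, not the initial connection attempt. Since the text mentions only the client hello, it would help to state whether the keyword has any effect when it appears in a server's priority string.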