author: Alessandro Ghedini <alessandro@ghedini.me> 2015-08-01 00:38:10 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2015-08-01 12:21:14 +0000
commit: 11b219cc94d7f27dabe7ef3414ed28add1d1075a
tree: fb91762c537a327dcd40ca2e59dce72311a97f99 /doc
parent: f1ae513170eb526e98543bfe0182ead5cdd0a975
handshake: add FALLBACK_SCSV priority option
This allows clients to enable the TLS_FALLBACK_SCSV mechanism during the handshake, as defined in RFC7507.
Diffstat (limited to 'doc')
-rw-r--r-- doc/cha-gtls-app.texi 6
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index e6b60618f3..48b3a23221 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1207,6 +1207,12 @@ will enforce safe renegotiation. Clients and
servers will refuse to talk to an insecure peer. Currently this
causes interoperability problems, but is required for full protection.
+@item %FALLBACK_SCSV @tab
+will enable the use of the fallback signaling cipher suite value in the
+client hello. Note that this should be set only by applications that
+try to reconnect with a downgraded protocol version. See RFC7507 for
+details.
+
@item %VERIFY_ALLOW_SIGN_RSA_MD5 @tab
will allow RSA-MD5 signatures in certificate chains.
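Review bot: The new %FALLBACK_SCSV entry says when to set the option ("only by applications that try to reconnect with a downgraded protocol version") but not what happens otherwise, and it does not say the option is client-side, although the commit message does ("This allows clients to enable ..."). Suggest stating in the @item text that it applies to client sessions only and must be set on the downgraded retry, not on the first connection attempt, because under RFC 7507 a server that supports a higher protocol version than the one offered answers a hello carrying the SCSV with a fatal inappropriate_fallback alert. A reader who enables it unconditionally in a priority string would otherwise see handshake failures with no hint in this table as to why.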