Turn on TLSv1.3 downgrade protection by default

Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6741)
author: Matt Caswell <matt@openssl.org> 2018-07-18 16:13:14 +0100
committer: Matt Caswell <matt@openssl.org> 2018-08-15 12:33:30 +0100
commit: 9f22c527232d8babfa4827dff34a6707e8880dd9 (patch)
tree: dcc7a43d93421790c76b5a4aab274285e2dcd15d /INSTALL
parent: 35e742ecac9239539db016e1282b4cbdf501509c (diff)
download: openssl-new-9f22c527232d8babfa4827dff34a6707e8880dd9.tar.gz
1 files changed, 0 insertions, 10 deletions
diff --git a/INSTALL b/INSTALL
index 34023dcd75..ff0aa6d127 100644
--- a/INSTALL
+++ b/INSTALL
@@ -476,16 +476,6 @@
                    require additional system-dependent options! See "Note on
                    multi-threading" below.
 
-  enable-tls13downgrade
-                   TODO(TLS1.3): Make this enabled by default and remove the
-                   option when TLSv1.3 is out of draft
-                   TLSv1.3 offers a downgrade protection mechanism. This is
-                   implemented but disabled by default. It should not typically
-                   be enabled except for testing purposes. Otherwise this could
-                   cause problems if a pre-RFC version of OpenSSL talks to an
-                   RFC implementation (it will erroneously be detected as a
-                   downgrade).
-
   no-ts
                    Don't build Time Stamping Authority support.
author	Matt Caswell <matt@openssl.org>	2018-07-18 16:13:14 +0100
committer	Matt Caswell <matt@openssl.org>	2018-08-15 12:33:30 +0100
commit	9f22c527232d8babfa4827dff34a6707e8880dd9 (patch)
tree	dcc7a43d93421790c76b5a4aab274285e2dcd15d /INSTALL
parent	35e742ecac9239539db016e1282b4cbdf501509c (diff)
download	openssl-new-9f22c527232d8babfa4827dff34a6707e8880dd9.tar.gz