Move SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION out of SSL_OP_ALL

author Dr. Stephen Henson <steve@openssl.org>

Fri, 11 Dec 2009 00:20:58 +0000 (00:20 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Fri, 11 Dec 2009 00:20:58 +0000 (00:20 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Fri, 11 Dec 2009 00:20:58 +0000 (00:20 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 11 Dec 2009 00:20:58 +0000 (00:20 +0000)
diff --git a/ssl/ssl.h b/ssl/ssl.h

index 2f6dd3c5559c672871f8f6d94690fa2e42179ff2..ffeff09a00fd932b7ed2d666596ae6057b499de1 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -524,7 +524,6 @@ typedef struct ssl_session_st
  #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                        0x00000080L
  #define SSL_OP_TLS_D5_BUG                              0x00000100L
  #define SSL_OP_TLS_BLOCK_PADDING_BUG                   0x00000200L
-#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION       0x00000400L
  
  /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
   * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
@@ -550,6 +549,8 @@ typedef struct ssl_session_st
  #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION  0x00010000L
  /* Don't use compression even if supported */
  #define SSL_OP_NO_COMPRESSION                          0x00020000L
+/* Permit unsafe legacy renegotiation */
+#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION       0x00040000L
  /* If set, always create a new key when using tmp_ecdh parameters */
  #define SSL_OP_SINGLE_ECDH_USE                         0x00080000L
  /* If set, always create a new key when using tmp_dh parameters */
author	Dr. Stephen Henson <steve@openssl.org>
	Fri, 11 Dec 2009 00:20:58 +0000 (00:20 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 11 Dec 2009 00:20:58 +0000 (00:20 +0000)