Make the TLSv1.3 downgrade mechanism a configurable option
[openssl.git] / INSTALL
diff --git a/INSTALL b/INSTALL
index d741b9f5a02cd8b5e0c87c18a9f52d001687b880..59486efbb423feabf7fdaa9463a5e4020ace2dc5 100644 (file)
--- a/INSTALL
+++ b/INSTALL
                    require additional system-dependent options! See "Note on
                    multi-threading" below.
 
+  enable-tls13downgrade
+                   TODO(TLS1.3): Make this enabled by default and remove the
+                   option when TLSv1.3 is out of draft
+                   TLSv1.3 offers a downgrade protection mechanism. This is
+                   implemented but disabled by default. It should not typically
+                   be enabled except for testing purposes. Otherwise this could
+                   cause problems if a pre-RFC version of OpenSSL talks to an
+                   RFC implementation (it will erroneously be detected as a
+                   downgrade).
+
   no-ts
                    Don't build Time Stamping Authority support.
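Review bot: The new enable-tls13downgrade entry opens with the developer TODO ("TODO(TLS1.3): Make this enabled by default and remove the option when TLSv1.3 is out of draft") before it says what the option does. Someone reading INSTALL to choose build options meets the internal note first. I would put the description first and move the TODO to the end of the entry, or into the source next to the code it refers to. The entry also never states what a default build gives up. It says the mechanism is "implemented but disabled by default", so it should add one sentence saying that builds without this option do not apply the TLSv1.3 downgrade protection, so that whoever packages the library knows what they are trading away. Finally, "Otherwise" in "Otherwise this could cause problems" has no clear antecedent. Something like "Enabling it outside of testing could cause problems if ..." would read unambiguously.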