=over 4
-=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
-
-...
-
-=item SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
-
-...
-
=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
-=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-
-...
-
-=item SSL_OP_TLS_D5_BUG
-
-...
-
=item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
=item SSL_OP_ALL
-All of the above bug workarounds.
+All of the above bug workarounds plus B<SSL_OP_LEGACY_SERVER_CONNECT> as
+mentioned below.
=back
same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
to the server's answer and violate the version rollback protection.)
-=item SSL_OP_SINGLE_DH_USE
-
-Always create a new key when using temporary/ephemeral DH parameters
-(see L<SSL_CTX_set_tmp_dh_callback(3)>).
-This option must be used to prevent small subgroup attacks, when
-the DH parameters were not generated using "strong" primes
-(e.g. when using DSA-parameters, see L<dhparam(1)>).
-If "strong" primes were used, it is not strictly necessary to generate
-a new DH key during each handshake but it is also recommended.
-B<SSL_OP_SINGLE_DH_USE> should therefore be enabled whenever
-temporary/ephemeral DH parameters are used.
-
-=item SSL_OP_EPHEMERAL_RSA
-
-This option is no longer implemented and is treated as no op.
-
=item SSL_OP_CIPHER_SERVER_PREFERENCE
When choosing a cipher, use the server's preferences instead of the client
preferences. When set, the SSL/TLS server will choose following its
own preferences.
-=item SSL_OP_PKCS1_CHECK_1
-
-...
-
-=item SSL_OP_PKCS1_CHECK_2
-
-...
-
-
=item SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1,
SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_3, SSL_OP_NO_DTLSv1, SSL_OP_NO_DTLSv1_2
(i.e., session resumption requests are only accepted in the initial
handshake). This option is not needed for clients.
+=item SSL_OP_NO_COMPRESSION
+
+Do not use compression even if it is supported.
+
+=item SSL_OP_NO_QUERY_MTU
+
+Do not query the MTU. Only affects DTLS connections.
+
+=item SSL_OP_COOKIE_EXCHANGE
+
+Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects
+DTLS connections.
+
=item SSL_OP_NO_TICKET
Normally clients and servers will, where possible, transparently make use
If this option is set this functionality is disabled and tickets will
not be used by clients or servers.
+This option only applies to TLSv1.2 and below. It is ignored for TLSv1.3.
+
=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
If this option is set, Encrypt-then-MAC is disabled. Clients will not
propose, and servers will not accept the extension.
+=item SSL_OP_NO_RENEGOTIATION
+
+Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
+messages, and ignore renegotiation requests via ClientHello.
+
+=item SSL_OP_ALLOW_NO_DHE_KEX
+
+In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means
+that there will be no forward secrecy for the resumed session.
+
+=item SSL_OP_PRIORITIZE_CHACHA
+
+When SSL_OP_CIPHER_SERVER_PREFERENCE is set, temporarily reprioritize
+ChaCha20-Poly1305 ciphers to the top of the server cipher list if a
+ChaCha20-Poly1305 cipher is at the top of the client cipher list. This helps
+those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere
+in the server cipher list; but still allows other clients to use AES and other
+ciphers. Requires B<SSL_OP_CIPHER_SERVER_PREFERENCE>.
+
+=item SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+
+If set then dummy Change Cipher Spec (CCS) messages are sent in TLSv1.3. This
+has the effect of making TLSv1.3 look more like TLSv1.2 so that middleboxes that
+do not understand TLSv1.3 will not drop the connection. Regardless of whether
+this option is set or not CCS messages received from the peer will always be
+ignored in TLSv1.3. This option is set by default. To switch it off use
+SSL_clear_options(). A future version of OpenSSL may not set this by default.
+
+=back
+
+The following options no longer have any effect but their identifiers are
+retained for compatibility purposes:
+
+=over 4
+
+=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+
+=item SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+
+=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+
+=item SSL_OP_TLS_D5_BUG
+
+=item SSL_OP_TLS_BLOCK_PADDING_BUG
+
+=item SSL_OP_MSIE_SSLV2_RSA_PADDING
+
+=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+
+=item SSL_OP_MICROSOFT_SESS_ID_BUG
+
+=item SSL_OP_NETSCAPE_CHALLENGE_BUG
+
+=item SSL_OP_PKCS1_CHECK_1
+
+=item SSL_OP_PKCS1_CHECK_2
+
+=item SSL_OP_SINGLE_DH_USE
+
+=item SSL_OP_SINGLE_ECDH_USE
+
+=item SSL_OP_EPHEMERAL_RSA
+
=back
=head1 SECURE RENEGOTIATION
The attempt to always try to use secure renegotiation was added in
Openssl 0.9.8m.
+B<SSL_OP_PRIORITIZE_CHACHA> and B<SSL_OP_NO_RENEGOTIATION> were added in
+OpenSSL 1.1.1.
+
=head1 COPYRIGHT
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
projects / openssl.git / blobdiff