X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fssl%2FSSL_CTX_set_options.pod;h=7754e75bfb94d5c4498810567b5ffb91cc7643e5;hp=3a75cdab591353473f1d5be591cdcdc62b8a6db8;hb=87d9cafa332bd006086b56dc645c03fe7cfed654;hpb=b7fa1f989d0059ad7b992c11797f37f095d61204 diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 3a75cdab59..7754e75bfb 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -141,9 +141,8 @@ This option is no longer implemented and is treated as no op. When choosing a cipher, use the server's preferences instead of the client preferences. When not set, the SSL server will always follow the clients -preferences. When set, the SSLv3/TLSv1 server will choose following its -own preferences. Because of the different protocol, for SSLv2 the server -will send its list of preferences to the client and the client chooses. +preferences. When set, the SSL/TLS server will choose following its +own preferences. =item SSL_OP_PKCS1_CHECK_1 @@ -154,11 +153,6 @@ will send its list of preferences to the client and the client chooses. ... - -=item SSL_OP_NO_SSLv2 - -Do not use the SSLv2 protocol. - =item SSL_OP_NO_SSLv3 Do not use the SSLv3 protocol. @@ -200,9 +194,6 @@ OpenSSL always attempts to use secure renegotiation as described in RFC5746. This counters the prefix attack described in CVE-2009-3555 and elsewhere. -The deprecated and highly broken SSLv2 protocol does not support -renegotiation at all: its use is B discouraged. - This attack has far reaching consequences which application writers should be aware of. In the description below an implementation supporting secure renegotiation is referred to as I. A server not supporting secure