Add MiddleboxCompat option to SSL_CONF_cmd man page

author Matt Caswell <matt@openssl.org>

Fri, 2 Feb 2018 10:17:06 +0000 (10:17 +0000)

committer Matt Caswell <matt@openssl.org>

Mon, 5 Feb 2018 10:56:53 +0000 (10:56 +0000)
author Matt Caswell <matt@openssl.org>
Fri, 2 Feb 2018 10:17:06 +0000 (10:17 +0000)
committer Matt Caswell <matt@openssl.org>
Mon, 5 Feb 2018 10:56:53 +0000 (10:56 +0000)
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod

index 27317e0652ac17f7e63d141ec036411591d5769f..5179e29bc4a585e52e5600bfaa2948dd144dc022 100644 (file)
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -420,6 +420,12 @@ B<AllowNoDHEKEX>: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on
  resumption. This means that there will be no forward secrecy for the resumed
  session. Equivalent to B<SSL_OP_ALLOW_NO_DHE_KEX>.
  
+B<MiddleboxCompat>: If set then dummy Change Cipher Spec (CCS) messages are sent
+in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that
+middleboxes that do not understand TLSv1.3 will not drop the connection. This
+option is set by default. A future version of OpenSSL may not set this by
+default. Equivalent to B<SSL_OP_ENABLE_MIDDLEBOX_COMPAT>.
+
  =item B<VerifyMode>
  
  The B<value> argument is a comma separated list of flags to set.
author	Matt Caswell <matt@openssl.org>
	Fri, 2 Feb 2018 10:17:06 +0000 (10:17 +0000)
committer	Matt Caswell <matt@openssl.org>
	Mon, 5 Feb 2018 10:56:53 +0000 (10:56 +0000)