projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SSL_conf_cmd: add support for IgnoreUnexpectedEOF
[openssl.git] / doc / man3 / SSL_CONF_cmd.pod
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index 3717c202bd6017898587317c230cef518f53d18f..b7555b54bf329f76d5b94c00a25e3958ca56aaa0 100644 (file)
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -569,6 +569,11 @@ B<SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE>. This option only applies to Linux.
 KTLS sendfile on FreeBSD doesn't offer an option to disable zerocopy and
 always runs in this mode.
 
+B<IgnoreUnexpectedEOF>: Equivalent to B<SSL_OP_IGNORE_UNEXPECTED_EOF>.
+You should only enable this option if the protocol running over TLS can detect
+a truncation attack itself, and that the application is checking for that
+truncation attack.
+
 =item B<VerifyMode>
 
 The B<value> argument is a comma separated list of flags to set.
Unnamed repository; edit this file 'description' to name the repository.