Update CHANGES with info about SSL_OP_NO_RENGOTIATION

author Matt Caswell <matt@openssl.org>

Mon, 11 Dec 2017 14:10:43 +0000 (14:10 +0000)

committer Matt Caswell <matt@openssl.org>

Tue, 30 Jan 2018 19:31:35 +0000 (19:31 +0000)
author Matt Caswell <matt@openssl.org>
Mon, 11 Dec 2017 14:10:43 +0000 (14:10 +0000)
committer Matt Caswell <matt@openssl.org>
Tue, 30 Jan 2018 19:31:35 +0000 (19:31 +0000)
diff --git a/CHANGES b/CHANGES

index fc774ee1ea4f58f3eac968a9c6e5805c180d1942..0ac2f904bc8bf196bccbc27cd4ae8731b9e5b8b4 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,19 @@
  
   Changes between 1.1.0g and 1.1.0h [xx XXX xxxx]
  
+  *) Backport SSL_OP_NO_RENGOTIATION
+
+     OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
+     (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
+     changes this is no longer possible in 1.1.0. Therefore the new
+     SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
+     1.1.0 to provide equivalent functionality.
+
+     Note that if an application built against 1.1.0h headers (or above) is run
+     using an older version of 1.1.0 (prior to 1.1.0h) then the option will be
+     accepted but nothing will happen, i.e. renegotiation will not be prevented.
+     [Matt Caswell]
+
    *) Removed the OS390-Unix config target.  It relied on a script that doesn't
       exist.
       [Rich Salz]
author	Matt Caswell <matt@openssl.org>
	Mon, 11 Dec 2017 14:10:43 +0000 (14:10 +0000)
committer	Matt Caswell <matt@openssl.org>
	Tue, 30 Jan 2018 19:31:35 +0000 (19:31 +0000)