summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
c3043dc)
Make it disabled by default. When TLSv1.3 is out of draft we can remove
this option and have it enabled all the time.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)
"tests",
"threads",
"tls",
"tests",
"threads",
"tls",
"ubsan" => "default",
#TODO(TLS1.3): Temporarily disabled while this is a WIP
"tls1_3" => "default",
"ubsan" => "default",
#TODO(TLS1.3): Temporarily disabled while this is a WIP
"tls1_3" => "default",
+ "tls13downgrade" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
require additional system-dependent options! See "Note on
multi-threading" below.
require additional system-dependent options! See "Note on
multi-threading" below.
+ enable-tls13downgrade
+ TODO(TLS1.3): Make this enabled by default and remove the
+ option when TLSv1.3 is out of draft
+ TLSv1.3 offers a downgrade protection mechanism. This is
+ implemented but disabled by default. It should not typically
+ be enabled except for testing purposes. Otherwise this could
+ cause problems if a pre-RFC version of OpenSSL talks to an
+ RFC implementation (it will erroneously be detected as a
+ downgrade).
+
no-ts
Don't build Time Stamping Authority support.
no-ts
Don't build Time Stamping Authority support.
projects / openssl.git / commitdiff