Clarify what happens in the event that a no_renegotiation alert is
received.
Reviewed-by: Frederik Wedel-Heinen <fwh.openssl@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27591)
(cherry picked from commit
0db6a59ea7931024d673024c2d17ff1ec44a4e69)
=item B<-no_renegotiation>
-Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
+Disables all attempts at renegotiation in (D)TLSv1.2 and earlier, same as setting
B<SSL_OP_NO_RENEGOTIATION>.
=item B<-no_resumption_on_reneg>
=item SSL_OP_NO_RENEGOTIATION
-Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
+Disable all renegotiation in (D)TLSv1.2 and earlier. Do not send HelloRequest
messages, and ignore renegotiation requests via ClientHello.
=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
will be performed to confirm that it is a suitable time to start a
renegotiation. If so, then it will be initiated immediately. OpenSSL will not
attempt to resume any session associated with the connection in the new
-handshake.
+handshake. Note that some servers will respond to reneogitation attempts with
+a "no_renegotiation" alert. An OpenSSL will immediately fail the connection in
+this case.
When called from the client side, SSL_renegotiate_abbreviated() works in the
same was as SSL_renegotiate() except that OpenSSL will attempt to resume the
projects / thirdparty / openssl.git / commitdiff
