From: Matt Caswell <matt@openssl.org>
Date: Mon, 11 Dec 2017 14:10:43 +0000 (+0000)
Subject: Update CHANGES with info about SSL_OP_NO_RENGOTIATION
X-Git-Tag: OpenSSL_1_1_0h~94
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=96de98ba34a6c9aa3ccd5d2555cb16ce3e16a7cc;p=oweals%2Fopenssl.git

Update CHANGES with info about SSL_OP_NO_RENGOTIATION

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4901)
---

diff --git a/CHANGES b/CHANGES
index fc774ee1ea..0ac2f904bc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,19 @@
 
  Changes between 1.1.0g and 1.1.0h [xx XXX xxxx]
 
+  *) Backport SSL_OP_NO_RENGOTIATION
+
+     OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
+     (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
+     changes this is no longer possible in 1.1.0. Therefore the new
+     SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
+     1.1.0 to provide equivalent functionality.
+
+     Note that if an application built against 1.1.0h headers (or above) is run
+     using an older version of 1.1.0 (prior to 1.1.0h) then the option will be
+     accepted but nothing will happen, i.e. renegotiation will not be prevented.
+     [Matt Caswell]
+
   *) Removed the OS390-Unix config target.  It relied on a script that doesn't
      exist.
      [Rich Salz]