From 1c4b15458670aea5d3849d4b57b8c0ce34a54fbe Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 2 Feb 2018 10:17:06 +0000 Subject: [PATCH] Add MiddleboxCompat option to SSL_CONF_cmd man page Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5244) --- doc/man3/SSL_CONF_cmd.pod | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 27317e0652..5179e29bc4 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -420,6 +420,12 @@ B: In TLSv1.3 allow a non-(ec)dhe based key exchange mode on resumption. This means that there will be no forward secrecy for the resumed session. Equivalent to B. +B: If set then dummy Change Cipher Spec (CCS) messages are sent +in TLSv1.3. This has the effect of making TLSv1.3 look more like TLSv1.2 so that +middleboxes that do not understand TLSv1.3 will not drop the connection. This +option is set by default. A future version of OpenSSL may not set this by +default. Equivalent to B. + =item B The B argument is a comma separated list of flags to set. -- 2.25.1