Note that disabling SSL_RENEGO doesn't open door for renego attack

Hanno Becker 2017-10-12 14:57:48 +01:00
parent 21df7f90d2
commit 6851b10ec7

@ -1155,6 +1155,13 @@
* misuse/misunderstand.
*
* Comment this to disable support for renegotiation.
*
* \note Even if this option is disabled, both client and server are aware
* of the Renegotiation Indication Extension (RFC 5746) used to
* prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
* (See \c mbedtls_ssl_conf_legacy_renegotiation for the
* configuration of this extension).
*
*/
#define MBEDTLS_SSL_RENEGOTIATION
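
Review bot: The added \note says client and server "are aware of the Renegotiation Indication Extension", which does not tell the reader what the library actually does with the extension when MBEDTLS_SSL_RENEGOTIATION is commented out. Suggest describing the behaviour directly, for example whether the extension is still sent and checked during the initial handshake, so that the claim that the renegotiation attack is prevented can be checked against the code. The pointer to mbedtls_ssl_conf_legacy_renegotiation would be more useful if it said which of that function's settings still apply with renegotiation support compiled out. Two style points: RFC 5746 is cited twice in one sentence, so the parenthetical could read "(see Sect. 1)", and the empty " *" line directly before the closing " */" can be dropped.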