提交 3556b83e 编写于 作者: M Matt Caswell

Make the TLSv1.3 downgrade mechanism a configurable option

Make it disabled by default. When TLSv1.3 is out of draft we can remove
this option and have it enabled all the time.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)
上级 c3043dcd
......@@ -407,6 +407,7 @@ my @disablables = (
"tests",
"threads",
"tls",
"tls13downgrade",
"ts",
"ubsan",
"ui",
......@@ -451,6 +452,7 @@ our %disabled = ( # "what" => "comment"
"ubsan" => "default",
#TODO(TLS1.3): Temporarily disabled while this is a WIP
"tls1_3" => "default",
"tls13downgrade" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
......
......@@ -427,6 +427,16 @@
require additional system-dependent options! See "Note on
multi-threading" below.
enable-tls13downgrade
TODO(TLS1.3): Make this enabled by default and remove the
option when TLSv1.3 is out of draft
TLSv1.3 offers a downgrade protection mechanism. This is
implemented but disabled by default. It should not typically
be enabled except for testing purposes. Otherwise this could
cause problems if a pre-RFC version of OpenSSL talks to an
RFC implementation (it will erroneously be detected as a
downgrade).
no-ts
Don't build Time Stamping Authority support.
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册