The SSL 3.0 protocol is disabled on compile time by default

It can be re-enabled by specifying --enable-ssl3-support on configure script.
This is the first step before removing support for the protocol completely.

Relates #103

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2 files changed, 6 insertions, 1 deletions

diff --git a/doc/cha-library.texi b/doc/cha-library.texi
index 7fe7fb7297..354bb0a769 100644
--- a/doc/cha-library.texi
+++ b/doc/cha-library.texi
@@ -15,7 +15,7 @@ include:
 
 @itemize
 
-@item Support for TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0 and SSL 3.0 protocols.
+@item Support for TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0 and optionally SSL 3.0 protocols.
 
 @item Support for Datagram TLS 1.0 and 1.2.
 
diff --git a/doc/cha-upgrade.texi b/doc/cha-upgrade.texi
index 3e593dffb7..83e1120840 100644
--- a/doc/cha-upgrade.texi
+++ b/doc/cha-upgrade.texi
@@ -194,6 +194,11 @@ however, there are minor differences, listed below.
 @item The priority strings "+COMP" are a no-op
 @tab TLS compression is no longer available.
 
+@item The SSL 3.0 protocol is a no-op
+@tab SSL 3.0 is no longer compiled in by default. It is a legacy protocol
+which is completely eliminated from public internet. As such it was removed
+to reduce the attack vector for applications using the library.
+
 @item The hash function SHA2-224 is a no-op for TLS1.2
 @tab TLS 1.3 no longer uses SHA2-224, and it was never a widespread hash
 algorithm. As such it was removed for simplicity.