author | Simon Josefsson <simon@josefsson.org> | 2010-06-07 16:12:11 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-11-01 13:20:21 +0100 |
commit | 0e4871de18409afad104eb35b23dfa6bf95d09e2 (patch) | |
tree | 88523344f1a7b9b0ba8a8039029237798a578a9d /lib/gnutls_priority.c | |
parent | 773e90912fe1667cff667bbe1be3a04a25572da4 (diff) | |
download | gnutls-0e4871de18409afad104eb35b23dfa6bf95d09e2.tar.gz |
Doc fix.
Diffstat (limited to 'lib/gnutls_priority.c')
-rw-r--r-- | lib/gnutls_priority.c | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 3a17527395..d7c6831ac5 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c 
@@ -520,20 +520,26 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority) * * "%COMPAT" will enable compatibility features for a server. * - * "%DISABLE_SAFE_RENEGOTIATION" will disable safe renegotiation completely. Do not use - * unless you know what you are doing. Testing purposes only. - * - * "%UNSAFE_RENEGOTIATION" will allow unsafe renegotiation (this is now - * the default for clients, but will change once more servers support the safe renegotiation - * TLS fix). - * - * "%PARTIAL_SAFE_RENEGOTIATION" In server side it will enable safe renegotiation - * and will protect all clients from known attacks, but will not prevent insecure clients - * from connecting. In client side it will disallow from renegotiating with an insecure server - * but will not prevent connecting to one (this leaves the client vulnerable to attacks). - * - * "%SAFE_RENEGOTIATION" will enforce safe renegotiation. Clients and Servers will refuse - * to talk to an insecure peer. + * "%DISABLE_SAFE_RENEGOTIATION" will disable safe renegotiation + * completely. Do not use unless you know what you are doing. + * Testing purposes only. + * + * "%UNSAFE_RENEGOTIATION" will allow handshakes and rehandshakes + * without the safe renegotiation extension. Note that for clients + * this mode is insecure (you may be under attack), and for servers it + * will allow insecure clients to connect (which could be fooled by an + * attacker). Do not use unless you know what you are doing and want + * maximum compatibility. + * + * "%PARTIAL_RENEGOTIATION" will allow initial handshakes to proceed, + * but not rehandshakes. This leaves the client vulnerable to attack, + * and servers will be compatible with non-upgraded clients for + * initial handshakes. This is currently the default for clients and + * servers, for compatibility reasons. + * + * "%SAFE_RENEGOTIATION" will enforce safe renegotiation. Clients and + * servers will refuse to talk to an insecure peer. 
Currently this + * causes operability problems, but is required for full protection. * * "%SSL3_RECORD_VERSION" will use SSL3.0 record version in client hello. * |
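Review bot: In the "%PARTIAL_RENEGOTIATION" paragraph the keyword is renamed from "%PARTIAL_SAFE_RENEGOTIATION", and the documented default moves from "%UNSAFE_RENEGOTIATION" (clients only) to "%PARTIAL_RENEGOTIATION" (clients and servers), but the commit message says only "Doc fix." and the visible hunk changes nothing except comment lines. Please confirm that the priority-string parser accepts the new spelling and that the default is what this text now states, and mention both in the commit message, so that a keyword copied from the documentation is one the library recognises. The same paragraph says the mode "leaves the client vulnerable to attack" without saying how a server is affected beyond compatibility; the removed text did describe the server side, so consider keeping a sentence on what a server gains or loses in this mode. Minor: "operability problems" in the "%SAFE_RENEGOTIATION" paragraph probably should read "interoperability problems".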