diff options
Diffstat (limited to 'ssl/tls1.h')
| -rw-r--r-- | ssl/tls1.h | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/ssl/tls1.h b/ssl/tls1.h index 3c8de73032..874479b820 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -555,12 +555,12 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) #define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 /* XXX - * Inconsistency alert: - * The OpenSSL names of ciphers with ephemeral DH here include the string - * "DHE", while elsewhere it has always been "EDH". - * (The alias for the list of all such ciphers also is "EDH".) - * The specifications speak of "EDH"; maybe we should allow both forms - * for everything. */ +* Backward compatibility alert: ++ * Older versions of OpenSSL gave some DHE ciphers names with "EDH" ++ * instead of "DHE". Going forward, we should be using DHE ++ * everywhere, though we may indefinitely maintain aliases for users ++ * or configurations that used "EDH" ++ */ #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" #define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" #define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" |