diff options
author | jkim <jkim@FreeBSD.org> | 2015-01-08 23:42:41 +0000 |
---|---|---|
committer | jkim <jkim@FreeBSD.org> | 2015-01-08 23:42:41 +0000 |
commit | 4f9b1cef1a6825f03178937e0feb39a2b2d046c8 (patch) | |
tree | 6c2f3cb14d70e0247fe500835bed3d3588c3025e /secure/lib/libssl/man/SSL_CTX_set_mode.3 | |
parent | cfd5b20c8bb6e3677ef84152d28058c0ead0de39 (diff) | |
parent | a350427e88bc6ff288594c964ca0f57464062eb0 (diff) | |
download | FreeBSD-src-4f9b1cef1a6825f03178937e0feb39a2b2d046c8.zip FreeBSD-src-4f9b1cef1a6825f03178937e0feb39a2b2d046c8.tar.gz |
Merge OpenSSL 1.0.1k.
Diffstat (limited to 'secure/lib/libssl/man/SSL_CTX_set_mode.3')
-rw-r--r-- | secure/lib/libssl/man/SSL_CTX_set_mode.3 | 44 |
1 files changed, 31 insertions, 13 deletions
diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3 index 5d3c168..e17d71c 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) .\" .\" Standard preamble: .\" ======================================================================== @@ -38,6 +38,8 @@ . ds PI \(*p . ds L" `` . ds R" '' +. ds C` +. ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. @@ -48,17 +50,24 @@ .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.ie \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX .. -. nr % 0 -. rr F -.\} -.el \{\ -. de IX +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -124,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "2014-10-15" "1.0.1j" "OpenSSL" +.TH SSL_CTX_set_mode 3 "2015-01-08" "1.0.1k" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -175,7 +184,7 @@ non-blocking \fIwrite()\fR. Never bother the application with retries if the transport is blocking. If a renegotiation take place during normal operation, a \&\fISSL_read\fR\|(3) or \fISSL_write\fR\|(3) would return -with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ\s0. +with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ.\s0 In a non-blocking environment applications must be prepared to handle incomplete read/write operations. In a blocking environment, applications are not always prepared to @@ -184,13 +193,22 @@ flag \s-1SSL_MODE_AUTO_RETRY\s0 will cause read/write operations to only return after the handshake and successful completion. .IP "\s-1SSL_MODE_RELEASE_BUFFERS\s0" 4 .IX Item "SSL_MODE_RELEASE_BUFFERS" -When we no longer need a read buffer or a write buffer for a given \s-1SSL\s0, +When we no longer need a read buffer or a write buffer for a given \s-1SSL,\s0 then release the memory we were using to hold it. Released memory is -either appended to a list of unused \s-1RAM\s0 chunks on the \s-1SSL_CTX\s0, or simply +either appended to a list of unused \s-1RAM\s0 chunks on the \s-1SSL_CTX,\s0 or simply freed if the list of unused chunks would become longer than \&\s-1SSL_CTX\-\s0>freelist_max_len, which defaults to 32. Using this flag can save around 34k per idle \s-1SSL\s0 connection. This flag has no effect on \s-1SSL\s0 v2 connections, or on \s-1DTLS\s0 connections. +.IP "\s-1SSL_MODE_SEND_FALLBACK_SCSV\s0" 4 +.IX Item "SSL_MODE_SEND_FALLBACK_SCSV" +Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello. +To be set only by applications that reconnect with a downgraded protocol +version; see draft\-ietf\-tls\-downgrade\-scsv\-00 for details. +.Sp +\&\s-1DO NOT ENABLE THIS\s0 if your application attempts a normal handshake. +Only use this in explicit fallback retries, following the guidance +in draft\-ietf\-tls\-downgrade\-scsv\-00. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask |