1 files changed, 31 insertions, 13 deletions
diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3
index 5d3c168..e17d71c 100644
--- a/secure/lib/libssl/man/SSL_CTX_set_mode.3
+++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
+.    ds C`
+.    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
-.    de IX
-.    tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
 ..
-.    nr % 0
-.    rr F
-.\}
-.el \{\
-.    de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+.    if \nF \{
+.        de IX
+.        tm Index:\\$1\t\\n%\t"\\$2"
 ..
+.        if !\nF==2 \{
+.            nr % 0
+.            nr F 2
+.        \}
+.    \}
 .\}
+.rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SSL_CTX_set_mode 3"
-.TH SSL_CTX_set_mode 3 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SSL_CTX_set_mode 3 "2015-01-08" "1.0.1k" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -175,7 +184,7 @@ non-blocking \fIwrite()\fR.
 Never bother the application with retries if the transport is blocking.
 If a renegotiation take place during normal operation, a
 \&\fISSL_read\fR\|(3) or \fISSL_write\fR\|(3) would return
-with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ\s0.
+with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ.\s0
 In a non-blocking environment applications must be prepared to handle
 incomplete read/write operations.
 In a blocking environment, applications are not always prepared to
@@ -184,13 +193,22 @@ flag \s-1SSL_MODE_AUTO_RETRY\s0 will cause read/write operations to only
 return after the handshake and successful completion.
 .IP "\s-1SSL_MODE_RELEASE_BUFFERS\s0" 4
 .IX Item "SSL_MODE_RELEASE_BUFFERS"
-When we no longer need a read buffer or a write buffer for a given \s-1SSL\s0,
+When we no longer need a read buffer or a write buffer for a given \s-1SSL,\s0
 then release the memory we were using to hold it.  Released memory is
-either appended to a list of unused \s-1RAM\s0 chunks on the \s-1SSL_CTX\s0, or simply
+either appended to a list of unused \s-1RAM\s0 chunks on the \s-1SSL_CTX,\s0 or simply
 freed if the list of unused chunks would become longer than 
 \&\s-1SSL_CTX\-\s0>freelist_max_len, which defaults to 32.  Using this flag can
 save around 34k per idle \s-1SSL\s0 connection.
 This flag has no effect on \s-1SSL\s0 v2 connections, or on \s-1DTLS\s0 connections.
+.IP "\s-1SSL_MODE_SEND_FALLBACK_SCSV\s0" 4
+.IX Item "SSL_MODE_SEND_FALLBACK_SCSV"
+Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello.
+To be set only by applications that reconnect with a downgraded protocol
+version; see draft\-ietf\-tls\-downgrade\-scsv\-00 for details.
+.Sp
+\&\s-1DO NOT ENABLE THIS\s0 if your application attempts a normal handshake.
+Only use this in explicit fallback retries, following the guidance
+in draft\-ietf\-tls\-downgrade\-scsv\-00.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 \&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask