diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 2dc4240ca..085a61486 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -822,17 +822,22 @@
 //#define POLARSSL_SSL_HW_RECORD_ACCEL
 
 /**
- * \def POLARSSL_SSL_RENEGOTIATION
+ * \def POLARSSL_SSL_DISABLE_RENEGOTIATION
  *
- * Enable support for TLS renegotiation.
+ * Disable support for TLS renegotiation.
  *
  * The two main uses of renegotiation are (1) refresh keys on long-lived
  * connections and (2) client authentication after the initial handshake.
  * If you don't need renegotiation, it's probably better to disable it, since
  * it has been associated with security issues in the past and is easy to
  * misuse/misunderstand.
+ *
+ * Warning: in the next stable branch, this switch will be replaced by
+ * POLARSSL_SSL_RENEGOTIATION to enable support for renegotiation.
+ *
+ * Uncomment this to disable support for renegotiation.
  */
-#define POLARSSL_SSL_RENEGOTIATION
+//#define POLARSSL_SSL_DISABLE_RENEGOTIATION
 
 /**
  * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index b1df1382a..cfd987b41 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -32,6 +32,12 @@
 #else
 #include POLARSSL_CONFIG_FILE
 #endif
+
+/* Temporary compatibility trick for the current stable branch */
+#if !defined(POLARSSL_SSL_DISABLE_RENEGOTIATION)
+#define POLARSSL_SSL_RENEGOTIATION
+#endif
+
 #include "net.h"
 #include "bignum.h"
 #include "ecp.h"
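Review bot: The new comment for `POLARSSL_SSL_DISABLE_RENEGOTIATION` in config.h does not say that the default has flipped for existing custom configurations. A config file that turned renegotiation off by leaving `POLARSSL_SSL_RENEGOTIATION` undefined will, with the ssl.h shim in this same commit, build with renegotiation enabled again unless it now defines the new macro. I would add a line to the warning paragraph such as ` * Note: leaving POLARSSL_SSL_RENEGOTIATION undefined no longer disables renegotiation; define POLARSSL_SSL_DISABLE_RENEGOTIATION instead.` so the change is not missed when a hardened build is upgraded.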
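Review bot: The compatibility block in ssl.h only adds `POLARSSL_SSL_RENEGOTIATION` when the disable switch is absent and never removes it. A config that still carries the old `#define POLARSSL_SSL_RENEGOTIATION` and also sets `POLARSSL_SSL_DISABLE_RENEGOTIATION` therefore keeps renegotiation compiled in. To make the disable switch authoritative, add an `#else` branch with `#undef POLARSSL_SSL_RENEGOTIATION` before the `#endif`, or raise an `#error` when both macros are defined. Separately, because the mapping lives in ssl.h rather than config.h, any file that tests `POLARSSL_SSL_RENEGOTIATION` after including only the config header would presumably see it undefined; that cannot be confirmed from this hunk.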