New upstream version 2.4~beta1upstream/2.4_beta1

author: Alberto Gonzalez Iniesta <agi@inittab.org> 2016-11-21 09:37:33 +0100
committer: Alberto Gonzalez Iniesta <agi@inittab.org> 2016-11-21 09:37:33 +0100
commit: 20c8675ba46bda97330a4117c459a59a9f1c465e (patch)
tree: d888c714fb61947dd79dc44b64a4aaae2f70bfb7 /src/openvpn/ssl_openssl.h
parent: ffca24bed7a03d95585ad02278667abe75d8b272 (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/src/openvpn/ssl_openssl.h b/src/openvpn/ssl_openssl.h
index 73a6c49..97dc742 100644
--- a/src/openvpn/ssl_openssl.h
+++ b/src/openvpn/ssl_openssl.h
@@ -35,15 +35,14 @@
 /**
  * SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption",
  * as this is something we do not want nor need, but could potentially be
- * used for a future attack.  For compatibility reasons, in the 2.3.x
- * series, we keep building if the OpenSSL version is too old to support
- * this.  2.4 requires it and will fail configure if not present.
+ * used for a future attack.  For compatibility reasons we keep building if the
+ * OpenSSL version is too old (pre-0.9.8f) to support stateless session
+ * resumption (and the accompanying SSL_OP_NO_TICKET flag).
  */
 #ifndef SSL_OP_NO_TICKET
 # define SSL_OP_NO_TICKET 0
 #endif
 
-
 /**
  * Structure that wraps the TLS context. Contents differ depending on the
  * SSL library used.
author	Alberto Gonzalez Iniesta <agi@inittab.org>	2016-11-21 09:37:33 +0100
committer	Alberto Gonzalez Iniesta <agi@inittab.org>	2016-11-21 09:37:33 +0100
commit	20c8675ba46bda97330a4117c459a59a9f1c465e (patch)
tree	d888c714fb61947dd79dc44b64a4aaae2f70bfb7 /src/openvpn/ssl_openssl.h
parent	ffca24bed7a03d95585ad02278667abe75d8b272 (diff)