Merge tag 'upstream/2.4_beta1'

Upstream version 2.4~beta1
author: Alberto Gonzalez Iniesta <agi@inittab.org> 2016-11-21 09:37:33 +0100
committer: Alberto Gonzalez Iniesta <agi@inittab.org> 2016-11-21 09:37:33 +0100
commit: 93b77cacdbb7e6f310c4e20f85c3a24ed5ba18ba (patch)
tree: 55a7688c9969ef4d01625caa58c7f679098c76eb /src/openvpn/ssl_openssl.h
parent: daa9ef0efeb5e10a1b43820fbab3a4ff5fbd22f1 (diff)
parent: 20c8675ba46bda97330a4117c459a59a9f1c465e (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/src/openvpn/ssl_openssl.h b/src/openvpn/ssl_openssl.h
index 73a6c49..97dc742 100644
--- a/src/openvpn/ssl_openssl.h
+++ b/src/openvpn/ssl_openssl.h
@@ -35,15 +35,14 @@
 /**
  * SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption",
  * as this is something we do not want nor need, but could potentially be
- * used for a future attack.  For compatibility reasons, in the 2.3.x
- * series, we keep building if the OpenSSL version is too old to support
- * this.  2.4 requires it and will fail configure if not present.
+ * used for a future attack.  For compatibility reasons we keep building if the
+ * OpenSSL version is too old (pre-0.9.8f) to support stateless session
+ * resumption (and the accompanying SSL_OP_NO_TICKET flag).
  */
 #ifndef SSL_OP_NO_TICKET
 # define SSL_OP_NO_TICKET 0
 #endif
 
-
 /**
  * Structure that wraps the TLS context. Contents differ depending on the
  * SSL library used.
author	Alberto Gonzalez Iniesta <agi@inittab.org>	2016-11-21 09:37:33 +0100
committer	Alberto Gonzalez Iniesta <agi@inittab.org>	2016-11-21 09:37:33 +0100
commit	93b77cacdbb7e6f310c4e20f85c3a24ed5ba18ba (patch)
tree	55a7688c9969ef4d01625caa58c7f679098c76eb /src/openvpn/ssl_openssl.h
parent	daa9ef0efeb5e10a1b43820fbab3a4ff5fbd22f1 (diff)
parent	20c8675ba46bda97330a4117c459a59a9f1c465e (diff)