aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/doc
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2018-02-23 16:12:37 +0100
committerIngela Anderton Andin <[email protected]>2018-03-08 09:36:23 +0100
commit0ff4a42e31e4ef8d190e3be866315a774b590745 (patch)
treeec469f11370fca530b375e2fde6887c0ff8aa77f /lib/ssl/doc
parent5faf147cfe27da707059c61ae1e284c10987565a (diff)
downloadotp-0ff4a42e31e4ef8d190e3be866315a774b590745.tar.gz
otp-0ff4a42e31e4ef8d190e3be866315a774b590745.tar.bz2
otp-0ff4a42e31e4ef8d190e3be866315a774b590745.zip
ssl: Increase security with safer default
The interoperability option to fallback to insecure renegotiation now has to be explicitly turned on.
Diffstat (limited to 'lib/ssl/doc')
-rw-r--r--lib/ssl/doc/src/ssl.xml5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 4f72114ae9..7267083e32 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -264,8 +264,9 @@
<item><p>Specifies if to reject renegotiation attempt that does
not live up to
<url href="http://www.ietf.org/rfc/rfc5746.txt">RFC 5746</url>.
- By default <c>secure_renegotiate</c> is set to <c>false</c>,
- that is, secure renegotiation is used if possible,
+ By default <c>secure_renegotiate</c> is set to <c>true</c>,
+ that is, secure renegotiation is enforced. If set to <c>false</c> secure renegotiation
+ will still be used if possible,
but it falls back to insecure renegotiation if the peer
does not support
<url href="http://www.ietf.org/rfc/rfc5746.txt">RFC 5746</url>.</p>