From 0ff4a42e31e4ef8d190e3be866315a774b590745 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 23 Feb 2018 16:12:37 +0100 Subject: ssl: Increase security with safer default The interoperability option to fallback to insecure renegotiation now has to be explicitly turned on. --- lib/ssl/doc/src/ssl.xml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/ssl/doc/src') diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index 4f72114ae9..7267083e32 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -264,8 +264,9 @@

Specifies if to reject renegotiation attempt that does not live up to RFC 5746. - By default secure_renegotiate is set to false, - that is, secure renegotiation is used if possible, + By default secure_renegotiate is set to true, + that is, secure renegotiation is enforced. If set to false secure renegotiation + will still be used if possible, but it falls back to insecure renegotiation if the peer does not support RFC 5746.
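Review bot: The added sentence "that is, secure renegotiation is enforced" does not say what a peer without RFC 5746 support will now experience, and nothing in the paragraph marks this as a changed default. Suggest stating the outcome explicitly, for example that with the default of true a renegotiation attempt that does not comply with RFC 5746 is rejected, and adding a short note that the default was previously false, so users who depend on the interoperability fallback know they must now set secure_renegotiate to false themselves. A minor wording point in the same added lines: "If set to false secure renegotiation will still be used" needs a comma after "false" to read cleanly.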

-- cgit v1.2.3