From df0c5663dd944a3dd06936105d0696a704c20e4e Mon Sep 17 00:00:00 2001
From: Kenneth Lakin <kennethlakin@gmail.com>
Date: Sat, 30 Apr 2016 02:31:51 -0700
Subject: ssl: Add BEAST mitigation selection option

Some legacy TLS 1.0 software does not tolerate the 1/n-1 content
split BEAST mitigation technique. This commit adds a beast_mitigation
SSL option (defaulting to one_n_minus_one) to select or disable the
BEAST mitigation technique.

Valid option values are (one_n_minus_one | zero_n | disabled).
---
 lib/ssl/src/ssl_record.hrl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lib/ssl/src/ssl_record.hrl')

diff --git a/lib/ssl/src/ssl_record.hrl b/lib/ssl/src/ssl_record.hrl
index d34d144343..87fde35258 100644
--- a/lib/ssl/src/ssl_record.hrl
+++ b/lib/ssl/src/ssl_record.hrl
@@ -40,7 +40,9 @@
 	  %% RFC 5746
 	  secure_renegotiation,
 	  client_verify_data,
-	  server_verify_data
+	  server_verify_data,
+	  %% How to do BEAST mitigation?
+	  beast_mitigation
 	 }).
 
 -record(connection_states, {
-- 
cgit v1.2.3