Update doc for ssl_conf_renegotiation

commit: 398b206ff0b9c16853dbb3264e1ccfa4fd317d91 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu May 28 15:13:30 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu May 28 17:28:38 2015 +0200
tree: 7cd4ad4263f9c4b66af37738f18e29bd09bbaebc
parent: 6ad5d35ba9e4d4a8d1823a76b46a9be73df4e2c9 [diff] [blame]
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 3997b4d..e77b412 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -1778,9 +1778,13 @@
  *                 initiated by peer
  *                 (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED)
  *
- *                 Note: A server with support enabled is more vulnerable for a
- *                 resource DoS by a malicious client. You should enable this on
- *                 a client to enable server-initiated renegotiation.
+ * \warning        It is recommended to always disable renegotation unless you
+ *                 know you need it and you know what you're doing. In the
+ *                 past, there has been several issues associated with
+ *                 renegotiation or a poor understanding of its properties.
+ *
+ * \note           Server-side, enabling renegotiation also makes the server
+ *                 susceptible to a resource DoS by a malicious client.
  *
  * \param conf    SSL configuration
  * \param renegotiation     Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
commit	398b206ff0b9c16853dbb3264e1ccfa4fd317d91	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu May 28 15:13:30 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu May 28 17:28:38 2015 +0200
tree	7cd4ad4263f9c4b66af37738f18e29bd09bbaebc
parent	6ad5d35ba9e4d4a8d1823a76b46a9be73df4e2c9 [diff] [blame]