- Added more documentation on disable / enable renegotiation

commit: 09f097d45f4bf7a97ccf275a5922b708a9f8ddc0 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 23 11:54:56 2012 +0000
committer: Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 23 11:54:56 2012 +0000
tree: 7fd0fada033b2ab1cff4388f9a5b52f7156ee3b5
parent: 67f9d534eee7f2d1af5bad5520cee327b6d94e14 [diff] [blame]
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 844cd18..02874b5 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h

@@ -846,8 +846,12 @@
 void ssl_set_min_version( ssl_context *ssl, int major, int minor );
 
 /**
- * \brief          Enable / Disable renegotiation support for connection
- *                 (Default: SSL_RENEGOTIATION_ENABLED)
+ * \brief          Enable / Disable renegotiation support for connection when
+ *                 initiated by peer
+ *                 (Default: SSL_RENEGOTIATION_DISABLED)
+ *
+ *                 Note: A server with support enabled is more vulnerable for a
+ *                 resource DoS by a malicious client.
  *
  * \param ssl      SSL context
  * \param renegotiation     Enable or disable (SSL_RENEGOTIATION_ENABLED or
commit	09f097d45f4bf7a97ccf275a5922b708a9f8ddc0	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Tue Oct 23 11:54:56 2012 +0000
committer	Paul Bakker <p.j.bakker@polarssl.org>	Tue Oct 23 11:54:56 2012 +0000
tree	7fd0fada033b2ab1cff4388f9a5b52f7156ee3b5
parent	67f9d534eee7f2d1af5bad5520cee327b6d94e14 [diff] [blame]