Allow disabling HelloVerifyRequest

commit: 7d38d215b108bbaa23ff1a22c06f1938866c634e [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Wed Jul 23 17:52:09 2014 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 21 16:30:18 2014 +0200
tree: b794fe5bcb0cbbad63b5e869aa6ab74c955a6c3b
parent: e4de06145a92d811f060d5aa8fc8042259062340 [diff] [blame]
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 7493fce..9964607 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h

@@ -1136,6 +1136,16 @@
  * \brief           Register callbacks for DTLS cookies
  *                  (Server only. DTLS only.)
  *
+ *                  Default: dummy callbacks that fail, to force you to
+ *                  register working callbacks (and initialize their context).
+ *
+ *                  To disable HelloVerifyRequest, register NULL callbacks.
+ *
+ * \warning         Disabling hello verification allows your server to be used
+ *                  for amplification in DoS attacks against other hosts.
+ *                  Only disable if you known this can't happen in your
+ *                  particular environment.
+ *
  * \param ssl               SSL context
  * \param f_cookie_write    Cookie write callback
  * \param f_cookie_check    Cookie check callback
commit	7d38d215b108bbaa23ff1a22c06f1938866c634e	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Wed Jul 23 17:52:09 2014 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Tue Oct 21 16:30:18 2014 +0200
tree	b794fe5bcb0cbbad63b5e869aa6ab74c955a6c3b
parent	e4de06145a92d811f060d5aa8fc8042259062340 [diff] [blame]