Add warnings about disabling replay detection

commit: a6fcffe5168d62de33f137eb73b2d5a1bccfe5e7 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Oct 13 18:15:52 2014 +0200
committer: Paul Bakker <p.j.bakker@polarssl.org> Tue Oct 21 16:32:53 2014 +0200
tree: b305a1a6d57054fee2820e890d734001b93607a7
parent: 37e08e1689abeebcf4f0eb46062d31de5b339f7b [diff] [blame]
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 5591e44..2fc1915 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h

@@ -931,6 +931,9 @@
  * Requires: POLARSSL_SSL_TLS_C
  *           POLARSSL_POLARSSL_PROTO_DTLS
  *
+ * \warning Disabling this is often a security risk!
+ * See ssl_set_dtls_anti_replay() for details.
+ *
  * Comment this to disable anti-replay in DTLS.
  */
 #define POLARSSL_SSL_DTLS_ANTI_REPLAY
@@ -945,6 +948,8 @@
  * unless you know for sure amplification cannot be a problem in the
  * environment in which your server operates.
  *
+ * \warning Disabling this can ba a security risk! (see above)
+ *
  * Requires: POLARSSL_SSL_SRV_C
  *           POLARSSL_POLARSSL_PROTO_DTLS
  *
commit	a6fcffe5168d62de33f137eb73b2d5a1bccfe5e7	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Oct 13 18:15:52 2014 +0200
committer	Paul Bakker <p.j.bakker@polarssl.org>	Tue Oct 21 16:32:53 2014 +0200
tree	b305a1a6d57054fee2820e890d734001b93607a7
parent	37e08e1689abeebcf4f0eb46062d31de5b339f7b [diff] [blame]