Google Git
Sign in
boringssl/boringssl.git/471abb1f211aa75dcc2fdf8baa444e468f6e6708^!/.
commit
471abb1f211aa75dcc2fdf8baa444e468f6e6708
[log]
author
David Benjamin <davidben@chromium.org>
Sun Oct 18 23:09:17 2015 -0400
committer
Adam Langley <alangley@gmail.com>
Mon Oct 26 19:27:56 2015 +0000
tree
242a5aa509d28befd540b296b3de198f2ee5a3ff
parent
1269ddd3773f50dfc2c3c9e23a2249ded1415ba3 [diff]
Update PORTING.md for the new renego API.

SSL_set_renegotiate_mode to avoid my original double-negative confusion.

Change-Id: I23537aeac53c4969fd81307a676f33d6768da55f
Reviewed-on: https://boringssl-review.googlesource.com/6322
Reviewed-by: Adam Langley <alangley@gmail.com>

diff --git a/PORTING.md b/PORTING.md
index cf84115..b3e50d7 100644
--- a/PORTING.md
+++ b/PORTING.md

@@ -103,11 +103,12 @@
 from the peer transparently. Renegotiation is an extremely problematic protocol
 feature, so BoringSSL rejects peer renegotiations by default.
 
-To enable renegotiation, call `SSL_set_reject_peer_renegotiations` and set it to
-off. Renegotiation is only supported as a client in SSL3/TLS and the
-HelloRequest must be received at a quiet point in the application protocol. This
-is sufficient to support the common use of requesting a new client certificate
-between an HTTP request and response in (unpipelined) HTTP/1.1.
+To enable renegotiation, call `SSL_set_renegotiate_mode` and set it to
+`ssl_renegotiate_once` or `ssl_renegotiate_freely`. Renegotiation is only
+supported as a client in SSL3/TLS and the HelloRequest must be received at a
+quiet point in the application protocol. This is sufficient to support the
+common use of requesting a new client certificate between an HTTP request and
+response in (unpipelined) HTTP/1.1.
 
 Things which do not work: