Make renegotiation a compile-time option

commit: 615e677c0bc386cc012d0d1639bd0caef69d1aa7 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Nov 03 08:23:14 2014 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Tue Dec 02 10:40:54 2014 +0100
tree: 47e90a4586403b4fc79f77b1b10dfe6fbfea7c66
parent: 85d915b81dd41b473b4944201a9f851d48fbdbdc [diff] [blame]
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 50b4e33..2dc4240 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h

@@ -822,6 +822,19 @@
 //#define POLARSSL_SSL_HW_RECORD_ACCEL
 
 /**
+ * \def POLARSSL_SSL_RENEGOTIATION
+ *
+ * Enable support for TLS renegotiation.
+ *
+ * The two main uses of renegotiation are (1) refresh keys on long-lived
+ * connections and (2) client authentication after the initial handshake.
+ * If you don't need renegotiation, it's probably better to disable it, since
+ * it has been associated with security issues in the past and is easy to
+ * misuse/misunderstand.
+ */
+#define POLARSSL_SSL_RENEGOTIATION
+
+/**
  * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
  *
  * Enable support for receiving and parsing SSLv2 Client Hello messages for the
commit	615e677c0bc386cc012d0d1639bd0caef69d1aa7	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Nov 03 08:23:14 2014 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Tue Dec 02 10:40:54 2014 +0100
tree	47e90a4586403b4fc79f77b1b10dfe6fbfea7c66
parent	85d915b81dd41b473b4944201a9f851d48fbdbdc [diff] [blame]