- Default to disabled renegotiation

commit: 7c900780d939a0378abe4d881fdcf6fd62a4bff2 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Sun Nov 04 16:29:08 2012 +0000
committer: Paul Bakker <p.j.bakker@polarssl.org> Sun Nov 04 16:29:08 2012 +0000
tree: 15093f2cf852acecee23a434ab0fb40ea4e8b31e
parent: fc975dc592c953246701b9d1c4a20e7a1ac94b2b [diff] [blame]
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 071288e..3db7c4a 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h

@@ -116,8 +116,8 @@
 #define SSL_LEGACY_RENEGOTIATION        0
 #define SSL_SECURE_RENEGOTIATION        1
 
-#define SSL_RENEGOTIATION_ENABLED       0
-#define SSL_RENEGOTIATION_DISABLED      1
+#define SSL_RENEGOTIATION_DISABLED      0
+#define SSL_RENEGOTIATION_ENABLED       1
 
 #define SSL_LEGACY_NO_RENEGOTIATION     0
 #define SSL_LEGACY_ALLOW_RENEGOTIATION  1
@@ -852,7 +852,8 @@
  *                 (Default: SSL_RENEGOTIATION_DISABLED)
  *
  *                 Note: A server with support enabled is more vulnerable for a
- *                 resource DoS by a malicious client.
+ *                 resource DoS by a malicious client. You should enable this on
+ *                 a client to enable server-initiated renegotiation.
  *
  * \param ssl      SSL context
  * \param renegotiation     Enable or disable (SSL_RENEGOTIATION_ENABLED or
commit	7c900780d939a0378abe4d881fdcf6fd62a4bff2	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Sun Nov 04 16:29:08 2012 +0000
committer	Paul Bakker <p.j.bakker@polarssl.org>	Sun Nov 04 16:29:08 2012 +0000
tree	15093f2cf852acecee23a434ab0fb40ea4e8b31e
parent	fc975dc592c953246701b9d1c4a20e7a1ac94b2b [diff] [blame]