From 9f22c527232d8babfa4827dff34a6707e8880dd9 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 18 Jul 2018 16:13:14 +0100 Subject: Turn on TLSv1.3 downgrade protection by default Reviewed-by: Ben Kaduk Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6741) --- INSTALL | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index 34023dc..ff0aa6d 100644 --- a/INSTALL +++ b/INSTALL @@ -476,16 +476,6 @@ require additional system-dependent options! See "Note on multi-threading" below. - enable-tls13downgrade - TODO(TLS1.3): Make this enabled by default and remove the - option when TLSv1.3 is out of draft - TLSv1.3 offers a downgrade protection mechanism. This is - implemented but disabled by default. It should not typically - be enabled except for testing purposes. Otherwise this could - cause problems if a pre-RFC version of OpenSSL talks to an - RFC implementation (it will erroneously be detected as a - downgrade). - no-ts Don't build Time Stamping Authority support. -- cgit v1.1
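Review bot: The removed enable-tls13downgrade entry in the INSTALL hunk at line 476 carried the warning that a pre-RFC version of OpenSSL talking to an RFC implementation will be erroneously detected as a downgrade, and nothing in the visible change replaces that caveat now that the protection is on by default per the subject line. Consider carrying it forward as a short note (for example in CHANGES or NEWS) so that anyone still testing against draft builds can recognise the resulting handshake failures. This view is limited to INSTALL, so also confirm that the rest of the commit handles the option in Configure, so that a build script still passing enable-tls13downgrade gets a clear error rather than a silently ignored flag.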