Update SSL_OP_* to remove ancient hacks that are no longer enabled.

1 files changed, 11 insertions, 13 deletions

diff --git a/lib/libssl/doc/SSL_CTX_set_options.3 b/lib/libssl/doc/SSL_CTX_set_options.3
index 6036dcdb2d6..b940c3d7d07 100644
--- a/lib/libssl/doc/SSL_CTX_set_options.3
+++ b/lib/libssl/doc/SSL_CTX_set_options.3
@@ -1,7 +1,7 @@
 .\"
-.\"	$OpenBSD: SSL_CTX_set_options.3,v 1.2 2014/12/02 14:11:01 jmc Exp $
+.\"	$OpenBSD: SSL_CTX_set_options.3,v 1.3 2015/06/15 02:57:05 doug Exp $
 .\"
-.Dd $Mdocdate: December 2 2014 $
+.Dd $Mdocdate: June 15 2015 $
 .Dt SSL_CTX_SET_OPTIONS 3
 .Os
 .Sh NAME
@@ -100,21 +100,19 @@ The following
 options are available:
 .Bl -tag -width Ds
 .It Dv SSL_OP_MICROSOFT_SESS_ID_BUG
-.Lk www.microsoft.com
-\(en when talking SSLv2, if session-id reuse is performed,
-the session-id passed back in the server-finished message is different from the
-one decided upon.
+As of
+.Ox 5.8 ,
+this option has no effect.
 .It Dv SSL_OP_NETSCAPE_CHALLENGE_BUG
-Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte challenge but
-then appears to only use 16 bytes when generating the encryption keys.
-Using 16 bytes is ok but it should be ok to use 32.
-According to the SSLv3 spec, one should use 32 bytes for the challenge when
-operating in SSLv2/v3 compatibility mode, but as mentioned above, this breaks
-this server so 16 bytes is the way to go.
+As of
+.Ox 5.8 ,
+this option has no effect.
 .It Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
 As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
 .It Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
-\&...
+As of
+.Ox 5.8 ,
+this option has no effect.
 .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
 \&...
 .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG