-rw-r--r--doc/luaossl.tex4
-rw-r--r--src/openssl.c12
2 files changed, 16 insertions, 0 deletions
diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index 418dac5..c9e7141 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -868,6 +868,7 @@ name & \href{https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html}{descript
\small{\texttt{OP\_SSLEAY\_080\_CLIENT\_DH\_BUG}} & $\ldots$ \\
\small{\texttt{OP\_TLS\_D5\_BUG}} & $\ldots$ \\
\small{\texttt{OP\_TLS\_BLOCK\_PADDING\_BUG}} & $\ldots$ \\
+\small{\texttt{OP\_ALLOW\_NO\_DHE\_KEX}} & Allow a non-(ec)dhe based kex_mode. \\
\small{\texttt{OP\_DONT\_INSERT\_EMPTY\_FRAGMENTS}} & Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers, which cannot be handled by some broken SSL implementations. This option has no effect for connections using other ciphers. \\
\small{\texttt{OP\_NO\_QUERY\_MTU}} & $\ldots$ \\
\small{\texttt{OP\_COOKIE\_EXCHANGE}} & $\ldots$ \\
@@ -880,6 +881,9 @@ name & \href{https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html}{descript
\small{\texttt{OP\_NO\_ENCRYPT\_THEN MAC}} & $\ldots$ \\
\small{\texttt{OP\_SINGLE\_DH\_USE}} & Always create a new key when using temporary/ephemeral DH parameters. \\
\small{\texttt{OP\_EPHEMERAL\_RSA}} & Always use ephemeral (temporary) RSA key when doing RSA operations. \\
+\small{\texttt{OP\_PRIORITIZE\_CHACHA}} & Prioritize ChaCha20Poly1305 on servers when client does. \\
+\small{\texttt{OP\_ENABLE\_MIDDLEBOX\_COMPAT}} & TLSv1.3 Compatibility mode. \\
+\small{\texttt{OP\_NO\_ANTI\_REPLAY}} & TLSv1.3 anti-replay protection for early data. \\
\small{\texttt{OP\_CIPHER\_SERVER\_PREFERENCE}} & When choosing a cipher, use the server's preferences instead of the client preferences. \\
\small{\texttt{OP\_TLS\_ROLLBACK\_BUG}} & Disable version rollback attack detection. \\
\small{\texttt{OP\_NO\_SSLv2}} & Do not use the SSLv2 protocol. \\
diff --git a/src/openssl.c b/src/openssl.c
index 12211ea..8ecd57e 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -9136,6 +9136,9 @@ static const auxL_IntegerReg sx_option[] = {
{ "OP_SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG },
{ "OP_TLS_D5_BUG", SSL_OP_TLS_D5_BUG },
{ "OP_TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG },
+#ifdef SSL_OP_ALLOW_NO_DHE_KEX
+ { "OP_ALLOW_NO_DHE_KEX", SSL_OP_ALLOW_NO_DHE_KEX },
+#endif
{ "OP_DONT_INSERT_EMPTY_FRAGMENTS", SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS },
{ "OP_NO_QUERY_MTU", SSL_OP_NO_QUERY_MTU },
{ "OP_COOKIE_EXCHANGE", SSL_OP_COOKIE_EXCHANGE },
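Review bot: The new `OP_ALLOW_NO_DHE_KEX` entry is exported without any hint that it weakens the handshake: per the OpenSSL documentation it lets TLS 1.3 resumption use a PSK-only key exchange, so a resumed session has no forward secrecy. A one-line comment above the `#ifdef`, e.g. `/* TLS 1.3: permits PSK-only resumption; resumed sessions lose forward secrecy */`, would tell the next reader that this is an opt-out of a protection rather than a compatibility switch. Because the entry sits behind `#ifdef SSL_OP_ALLOW_NO_DHE_KEX`, the Lua-side name is presumably absent when the module is built against an OpenSSL that lacks the macro, so callers should test for the constant before passing it on. The `sx_option` table starts and ends outside the hunk.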
@@ -9152,6 +9155,15 @@ static const auxL_IntegerReg sx_option[] = {
#endif
{ "OP_SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE },
{ "OP_EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA },
+#ifdef SSL_OP_PRIORITIZE_CHACHA
+ { "OP_PRIORITIZE_CHACHA", SSL_OP_PRIORITIZE_CHACHA },
+#endif
+#ifdef SSL_OP_ENABLE_MIDDLEBOX_COMPAT
+ { "OP_ENABLE_MIDDLEBOX_COMPAT", SSL_OP_ENABLE_MIDDLEBOX_COMPAT },
+#endif
+#ifdef SSL_OP_NO_ANTI_REPLAY
+ { "OP_NO_ANTI_REPLAY", SSL_OP_NO_ANTI_REPLAY },
+#endif
{ "OP_CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE },
{ "OP_TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG },
{ "OP_NO_SSLv2", SSL_OP_NO_SSLv2 },
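Review bot: `OP_NO_ANTI_REPLAY` switches a protection off, but nothing at the entry says so, and the matching row this commit adds to doc/luaossl.tex ("TLSv1.3 anti-replay protection for early data.") reads as if the option turns the protection on. I would add `/* disables OpenSSL's built-in server-side replay protection for TLS 1.3 early data (0-RTT) */` above its `#ifdef` and word the doc row as "Disable TLSv1.3 anti-replay protection for early data." A server that sets this flag and accepts early data has to detect replays itself, which is worth stating wherever the constant is documented. As with the other guarded entries, the name is presumably undefined on the Lua side when built against an older OpenSSL; the `sx_option` table continues outside the hunk.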