summaryrefslogtreecommitdiff
path: root/doc/ssl/SSL_CTX_set_mode.pod
diff options
context:
space:
mode:
Diffstat (limited to 'doc/ssl/SSL_CTX_set_mode.pod')
-rw-r--r--doc/ssl/SSL_CTX_set_mode.pod8
1 files changed, 6 insertions, 2 deletions
diff --git a/doc/ssl/SSL_CTX_set_mode.pod b/doc/ssl/SSL_CTX_set_mode.pod
index 0ee23433ba7e6..f9b838fe6f781 100644
--- a/doc/ssl/SSL_CTX_set_mode.pod
+++ b/doc/ssl/SSL_CTX_set_mode.pod
@@ -61,12 +61,16 @@ deal with read/write operations returning without success report. The
flag SSL_MODE_AUTO_RETRY will cause read/write operations to only
return after the handshake and successful completion.
-=item SSL_MODE_FALLBACK_SCSV
+=item SSL_MODE_SEND_FALLBACK_SCSV
Send TLS_FALLBACK_SCSV in the ClientHello.
-To be set by applications that reconnect with a downgraded protocol
+To be set only by applications that reconnect with a downgraded protocol
version; see draft-ietf-tls-downgrade-scsv-00 for details.
+DO NOT ENABLE THIS if your application attempts a normal handshake.
+Only use this in explicit fallback retries, following the guidance
+in draft-ietf-tls-downgrade-scsv-00.
+
=back
=head1 RETURN VALUES
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 10:59:53 +0000