Security-55471.14.4.tar.gz

[apple/security.git] / libsecurity_ssl / lib / sslContext.h

diff --git a/libsecurity_ssl/lib/sslContext.h b/libsecurity_ssl/lib/sslContext.h
index eee676cc7829e4829233b01a84344cf3b3a61a27..a3e13cd9089c6b266dc197eadfbffb7458a1359d 100644 (file)
--- a/libsecurity_ssl/lib/sslContext.h
+++ b/libsecurity_ssl/lib/sslContext.h
@@ -351,6 +351,8 @@ struct SSLContext
        Boolean                         rsaBlindingEnable;
        Boolean                         oneByteRecordEnable;    /* enable 1/n-1 data splitting for TLSv1 and SSLv3 */
        Boolean                         wroteAppData;           /* at least one write completed with current writeCipher */
+    Boolean             allowServerIdentityChange; /* allow server identity change on renegotiation
+                                                    disallowed by default to avoid triple handshake attack */
 
        /* optional session cache timeout (in seconds) override - 0 means default */
        uint32_t                                sessionCacheTimeout;