Security-55471.14.8.tar.gz

[apple/security.git] / libsecurity_ssl / lib / SecureTransport.h

diff --git a/libsecurity_ssl/lib/SecureTransport.h b/libsecurity_ssl/lib/SecureTransport.h
index 856d7f1409271f547115e92911e8edfa6541b5ac..e0a5cf484a8049738110d341cfac57b1b621fefb 100644 (file)
--- a/libsecurity_ssl/lib/SecureTransport.h
+++ b/libsecurity_ssl/lib/SecureTransport.h
@@ -130,6 +130,11 @@ typedef enum {
      * using a block cipher.
      */
     kSSLSessionOptionSendOneByteRecord,
+    /*
+     * Allow/Disallow server identity change on renegotiation. Disallow by default
+     * to avoid Triple Handshake attack.
+     */
+    kSSLSessionOptionAllowServerIdentityChange,
 
 } SSLSessionOption;