From 09f097d45f4bf7a97ccf275a5922b708a9f8ddc0 Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Tue, 23 Oct 2012 11:54:56 +0000
Subject: [PATCH]  - Added more documentation on disable / enable renegotiation

---
 include/polarssl/ssl.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 844cd18e8..02874b509 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -846,8 +846,12 @@ void ssl_set_max_version( ssl_context *ssl, int major, int minor );
 void ssl_set_min_version( ssl_context *ssl, int major, int minor );
 
 /**
- * \brief          Enable / Disable renegotiation support for connection
- *                 (Default: SSL_RENEGOTIATION_ENABLED)
+ * \brief          Enable / Disable renegotiation support for connection when
+ *                 initiated by peer
+ *                 (Default: SSL_RENEGOTIATION_DISABLED)
+ *
+ *                 Note: A server with support enabled is more vulnerable for a
+ *                 resource DoS by a malicious client.
  *
  * \param ssl      SSL context
  * \param renegotiation     Enable or disable (SSL_RENEGOTIATION_ENABLED or