Add warnings about disabling replay detection

2014-10-13 18:15:52 +02:00 · 2014-10-13 18:15:52 +02:00 · a6fcffe516
commit a6fcffe516
parent 37e08e1689
2 changed files with 13 additions and 1 deletions
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -931,6 +931,9 @@
 * Requires: POLARSSL_SSL_TLS_C
 *           POLARSSL_POLARSSL_PROTO_DTLS
 *
+ * \warning Disabling this is often a security risk!
+ * See ssl_set_dtls_anti_replay() for details.
+ *
 * Comment this to disable anti-replay in DTLS.
 */
 #define POLARSSL_SSL_DTLS_ANTI_REPLAY
@ -945,6 +948,8 @@
 * unless you know for sure amplification cannot be a problem in the
 * environment in which your server operates.
 *
+ * \warning Disabling this can ba a security risk! (see above)
+ *
 * Requires: POLARSSL_SSL_SRV_C
 *           POLARSSL_POLARSSL_PROTO_DTLS
 *