From 7c900780d939a0378abe4d881fdcf6fd62a4bff2 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Sun, 4 Nov 2012 16:29:08 +0000
Subject: [PATCH] - Default to disabled renegotiation
---
include/polarssl/ssl.h | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 071288e92..3db7c4ade 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -116,8 +116,8 @@
#define SSL_LEGACY_RENEGOTIATION 0
#define SSL_SECURE_RENEGOTIATION 1
-#define SSL_RENEGOTIATION_ENABLED 0
-#define SSL_RENEGOTIATION_DISABLED 1
+#define SSL_RENEGOTIATION_DISABLED 0
+#define SSL_RENEGOTIATION_ENABLED 1
#define SSL_LEGACY_NO_RENEGOTIATION 0
#define SSL_LEGACY_ALLOW_RENEGOTIATION 1
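Review bot: Swapping the numeric values of SSL_RENEGOTIATION_ENABLED and SSL_RENEGOTIATION_DISABLED silently inverts every call site that passes a bare 0 or 1 to ssl_set_renegotiation() or compares the stored setting against a literal, and the diffstat shows no accompanying change in the implementation file, so the library's own checks presumably use the symbolic names — worth confirming before merging. The reason DISABLED now has to be 0 is not stated next to the defines; if the documented default of SSL_RENEGOTIATION_DISABLED comes from a zero-initialised context (inferred, not visible here), a comment would pin that invariant: `/* DISABLED must stay 0: a zero-initialised context defaults to no renegotiation */`. Applications that persisted the old numeric values will flip meaning on upgrade, so this deserves a ChangeLog entry alongside the header change.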
@@ -852,7 +852,8 @@ void ssl_set_min_version( ssl_context *ssl, int major, int minor );
* (Default: SSL_RENEGOTIATION_DISABLED)
*
* Note: A server with support enabled is more vulnerable for a
- * resource DoS by a malicious client.
+ * resource DoS by a malicious client. You should enable this on
+ * a client to enable server-initiated renegotiation.
*
* \param ssl SSL context
* \param renegotiation Enable or disable (SSL_RENEGOTIATION_ENABLED or
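Review bot: The added sentence reads as a contradiction with the warning it follows, because it says "you should enable this" immediately after stating that enabling it makes a server more vulnerable, and it does not separate the server and client roles. Suggest `* Note: A server with support enabled is more vulnerable to a resource DoS by a malicious client. A client must enable it to accept a server-initiated renegotiation.` What a client that leaves renegotiation disabled does when the server requests it (alert, ignored request, or connection close) cannot be confirmed from this hunk and should be stated if known. The ssl_set_renegotiation declaration this comment documents continues past the end of the hunk.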