From 8d16e3510d6f523d182e94f4e9e5caa4989565fe Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp@nicira.com>
Date: Wed, 19 Mar 2008 09:35:11 -0700
Subject: [PATCH] Document that we use TLSv1.

---
 INSTALL | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/INSTALL b/INSTALL
index db567b71..2efa7623 100644
--- a/INSTALL
+++ b/INSTALL
@@ -185,8 +185,8 @@ Secure operation over SSL
 -------------------------
 
 The instructions above set up OpenFlow for operation over a plaintext
-TCP connection.  Production use of OpenFlow should use SSL to ensure
-confidentiality and authenticity of traffic among switches and
+TCP connection.  Production use of OpenFlow should use SSL[*] to
+ensure confidentiality and authenticity of traffic among switches and
 controllers.
 
 To use SSL with OpenFlow, you must set up a public-key infrastructure
@@ -219,6 +219,11 @@ instructions below, then the invocation would look like:
       % secchan -v nl:0 ssl:192.168.1.2 --private-key=sc-privkey.pem \
             --certificate=sc-cert.pem --ca-cert=pki/controllerca/cacert.pem
 
+[*] To be specific, OpenFlow uses TLS version 1.0 or later (TLSv1), as
+    specified by RFC 2246, which is very similar to SSL version 3.0.
+    TLSv1 was released in January 1999, so all current software and
+    hardware should implement it.
+
 Establishing a Public Key Infrastructure
 ----------------------------------------
 
-- 
2.30.2