author | schwarze <> | 2020-09-21 15:18:13 +0000 |
---|---|---|
committer | schwarze <> | 2020-09-21 15:18:13 +0000 |
commit | fc8e6d5cd1971d9de7b7940c1a5bf70e5f877c3a (patch) | |
tree | 854cbd90972e63429accdf24fb1fcffefc75a01d /src/lib | |
parent | 11de539d915a22f42d21f9ed4114d8edd9a3f93d (diff) | |
s/before the handshake is complete/during the handshake/g
because that is both shorter and more precise;
wording suggested by jsing@
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/libssl/man/SSL_read_early_data.3 | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/src/lib/libssl/man/SSL_read_early_data.3 b/src/lib/libssl/man/SSL_read_early_data.3 index 71ad3c52a3..e08b954516 100644 --- a/src/lib/libssl/man/SSL_read_early_data.3 +++ b/src/lib/libssl/man/SSL_read_early_data.3 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: SSL_read_early_data.3,v 1.1 2020/09/21 08:53:56 schwarze Exp $ | 1 | .\" $OpenBSD: SSL_read_early_data.3,v 1.2 2020/09/21 15:18:13 schwarze Exp $ |
2 | .\" content checked up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200 | 2 | .\" content checked up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200 |
3 | .\" | 3 | .\" |
4 | .\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org> | 4 | .\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org> |
@@ -28,7 +28,7 @@ | |||
28 | .Nm SSL_write_early_data , | 28 | .Nm SSL_write_early_data , |
29 | .Nm SSL_read_early_data , | 29 | .Nm SSL_read_early_data , |
30 | .Nm SSL_get_early_data_status | 30 | .Nm SSL_get_early_data_status |
31 | .Nd transmit application data before the handshake is complete | 31 | .Nd transmit application data during the handshake |
32 | .Sh SYNOPSIS | 32 | .Sh SYNOPSIS |
33 | .In openssl/ssl.h | 33 | .In openssl/ssl.h |
34 | .Ft int | 34 | .Ft int |
@@ -87,8 +87,7 @@ and because when they are used, inconspicuous oversights are likely | |||
87 | to cause serious security vulnerabilities. | 87 | to cause serious security vulnerabilities. |
88 | .Pp | 88 | .Pp |
89 | If these functions are used, other TLS implementations | 89 | If these functions are used, other TLS implementations |
90 | may allow the transfer of application data | 90 | may allow the transfer of application data during the inital handshake. |
91 | before the inital handshake is complete. | ||
92 | Even when used as designed, security of the connection is compromised; | 91 | Even when used as designed, security of the connection is compromised; |
93 | in particular, application data is exchanged with unauthenticated peers, | 92 | in particular, application data is exchanged with unauthenticated peers, |
94 | and there is no forward secrecy. | 93 | and there is no forward secrecy. |
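Review bot: the misspelling "inital" on new line 90 ("may allow the transfer of application data during the inital handshake.") is carried over from the old line 91 even though that sentence is being rewritten here; fix it to "initial" in the same commit so the line reads "may allow the transfer of application data during the initial handshake."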
@@ -99,19 +98,19 @@ Other downsides include an increased risk of replay attacks. | |||
99 | and | 98 | and |
100 | .Fn SSL_SESSION_set_max_early_data | 99 | .Fn SSL_SESSION_set_max_early_data |
101 | are intended to configure the maximum number of bytes per session | 100 | are intended to configure the maximum number of bytes per session |
102 | that can be transmitted before the handshake is complete. | 101 | that can be transmitted during the handshake. |
103 | With LibreSSL, all arguments are ignored. | 102 | With LibreSSL, all arguments are ignored. |
104 | .Pp | 103 | .Pp |
105 | An endpoint can attempt to send application data with | 104 | An endpoint can attempt to send application data with |
106 | .Fn SSL_write_early_data | 105 | .Fn SSL_write_early_data |
107 | before the handshake is complete. | 106 | during the handshake. |
108 | With LibreSSL, such attempts always fail and set | 107 | With LibreSSL, such attempts always fail and set |
109 | .Pf * Fa written | 108 | .Pf * Fa written |
110 | to 0. | 109 | to 0. |
111 | .Pp | 110 | .Pp |
112 | A server can attempt to read application data from the client using | 111 | A server can attempt to read application data from the client using |
113 | .Fn SSL_read_early_data | 112 | .Fn SSL_read_early_data |
114 | before the handshake is complete. | 113 | during the handshake. |
115 | With LibreSSL, no such data is ever accepted and | 114 | With LibreSSL, no such data is ever accepted and |
116 | .Pf * Fa readbytes | 115 | .Pf * Fa readbytes |
117 | is always set to 0. | 116 | is always set to 0. |
@@ -128,7 +127,7 @@ With LibreSSL, they always succeed. | |||
128 | and | 127 | and |
129 | .Fn SSL_SESSION_get_max_early_data | 128 | .Fn SSL_SESSION_get_max_early_data |
130 | return the maximum number of bytes of application data | 129 | return the maximum number of bytes of application data |
131 | that will be accepted from the peer before the handshake is complete. | 130 | that will be accepted from the peer during the handshake. |
132 | With LibreSSL, they always return 0. | 131 | With LibreSSL, they always return 0. |
133 | .Pp | 132 | .Pp |
134 | .Fn SSL_write_early_data | 133 | .Fn SSL_write_early_data |