1 files changed, 7 insertions, 8 deletions
diff --git a/src/lib/libssl/man/SSL_read_early_data.3 b/src/lib/libssl/man/SSL_read_early_data.3
index 71ad3c52a3..e08b954516 100644
--- a/src/lib/libssl/man/SSL_read_early_data.3
+++ b/src/lib/libssl/man/SSL_read_early_data.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_read_early_data.3,v 1.1 2020/09/21 08:53:56 schwarze Exp $
+.\" $OpenBSD: SSL_read_early_data.3,v 1.2 2020/09/21 15:18:13 schwarze Exp $
 .\" content checked up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
 .\"
 .\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
@@ -28,7 +28,7 @@
 .Nm SSL_write_early_data ,
 .Nm SSL_read_early_data ,
 .Nm SSL_get_early_data_status
-.Nd transmit application data before the handshake is complete
+.Nd transmit application data during the handshake
 .Sh SYNOPSIS
 .In openssl/ssl.h
 .Ft int
@@ -87,8 +87,7 @@ and because when they are used, inconspicuous oversights are likely
 to cause serious security vulnerabilities.
 .Pp
 If these functions are used, other TLS implementations
-may allow the transfer of application data
+may allow the transfer of application data during the inital handshake.
-before the inital handshake is complete.
 Even when used as designed, security of the connection is compromised;
 in particular, application data is exchanged with unauthenticated peers,
 and there is no forward secrecy.
@@ -99,19 +98,19 @@ Other downsides include an increased risk of replay attacks.
 and
 .Fn SSL_SESSION_set_max_early_data
 are intended to configure the maximum number of bytes per session
-that can be transmitted before the handshake is complete.
+that can be transmitted during the handshake.
 With LibreSSL, all arguments are ignored.
 .Pp
 An endpoint can attempt to send application data with
 .Fn SSL_write_early_data
-before the handshake is complete.
+during the handshake.
 With LibreSSL, such attempts always fail and set
 .Pf * Fa written
 to 0.
 .Pp
 A server can attempt to read application data from the client using
 .Fn SSL_read_early_data
-before the handshake is complete.
+during the handshake.
 With LibreSSL, no such data is ever accepted and
 .Pf * Fa readbytes
 is always set to 0.
@@ -128,7 +127,7 @@ With LibreSSL, they always succeed.
 and
 .Fn SSL_SESSION_get_max_early_data
 return the maximum number of bytes of application data
-that will be accepted from the peer before the handshake is complete.
+that will be accepted from the peer during the handshake.
 With LibreSSL, they always return 0.
 .Pp
 .Fn SSL_write_early_data

diff --git a/src/lib/libssl/man/SSL_read_early_data.3 b/src/lib/libssl/man/SSL_read_early_data.3 index 71ad3c52a3..e08b954516 100644 --- a/src/lib/libssl/man/SSL_read_early_data.3 +++ b/src/lib/libssl/man/SSL_read_early_data.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_read_early_data.3,v 1.1 2020/09/21 08:53:56 schwarze Exp $	1	.\" $OpenBSD: SSL_read_early_data.3,v 1.2 2020/09/21 15:18:13 schwarze Exp $
2	.\" content checked up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200	2	.\" content checked up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
3	.\"	3	.\"
4	.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>	4	.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
@@ -28,7 +28,7 @@
28	.Nm SSL_write_early_data ,	28	.Nm SSL_write_early_data ,
29	.Nm SSL_read_early_data ,	29	.Nm SSL_read_early_data ,
30	.Nm SSL_get_early_data_status	30	.Nm SSL_get_early_data_status
31	.Nd transmit application data before the handshake is complete	31	.Nd transmit application data during the handshake
32	.Sh SYNOPSIS	32	.Sh SYNOPSIS
33	.In openssl/ssl.h	33	.In openssl/ssl.h
34	.Ft int	34	.Ft int
@@ -87,8 +87,7 @@ and because when they are used, inconspicuous oversights are likely
87	to cause serious security vulnerabilities.	87	to cause serious security vulnerabilities.
88	.Pp	88	.Pp
89	If these functions are used, other TLS implementations	89	If these functions are used, other TLS implementations
90	may allow the transfer of application data	90	may allow the transfer of application data during the inital handshake.
91	before the inital handshake is complete.
92	Even when used as designed, security of the connection is compromised;	91	Even when used as designed, security of the connection is compromised;
93	in particular, application data is exchanged with unauthenticated peers,	92	in particular, application data is exchanged with unauthenticated peers,
94	and there is no forward secrecy.	93	and there is no forward secrecy.
@@ -99,19 +98,19 @@ Other downsides include an increased risk of replay attacks.
99	and	98	and
100	.Fn SSL_SESSION_set_max_early_data	99	.Fn SSL_SESSION_set_max_early_data
101	are intended to configure the maximum number of bytes per session	100	are intended to configure the maximum number of bytes per session
102	that can be transmitted before the handshake is complete.	101	that can be transmitted during the handshake.
103	With LibreSSL, all arguments are ignored.	102	With LibreSSL, all arguments are ignored.
104	.Pp	103	.Pp
105	An endpoint can attempt to send application data with	104	An endpoint can attempt to send application data with
106	.Fn SSL_write_early_data	105	.Fn SSL_write_early_data
107	before the handshake is complete.	106	during the handshake.
108	With LibreSSL, such attempts always fail and set	107	With LibreSSL, such attempts always fail and set
109	.Pf * Fa written	108	.Pf * Fa written
110	to 0.	109	to 0.
111	.Pp	110	.Pp
112	A server can attempt to read application data from the client using	111	A server can attempt to read application data from the client using
113	.Fn SSL_read_early_data	112	.Fn SSL_read_early_data
114	before the handshake is complete.	113	during the handshake.
115	With LibreSSL, no such data is ever accepted and	114	With LibreSSL, no such data is ever accepted and
116	.Pf * Fa readbytes	115	.Pf * Fa readbytes
117	is always set to 0.	116	is always set to 0.
@@ -128,7 +127,7 @@ With LibreSSL, they always succeed.
128	and	127	and
129	.Fn SSL_SESSION_get_max_early_data	128	.Fn SSL_SESSION_get_max_early_data
130	return the maximum number of bytes of application data	129	return the maximum number of bytes of application data
131	that will be accepted from the peer before the handshake is complete.	130	that will be accepted from the peer during the handshake.
132	With LibreSSL, they always return 0.	131	With LibreSSL, they always return 0.
133	.Pp	132	.Pp
134	.Fn SSL_write_early_data	133	.Fn SSL_write_early_data