From 277c01d4872af51c7ce52c92dc8bb37c50c129c6 Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Mon, 18 Mar 2019 18:31:15 +0000 Subject: * note that the handshake must be completed first * correct the description of "unknown" (the previous are both from OpenSSL 1.1.1, still under a free license) * add a comment saying that TLS1_get_version() and TLS1_get_client_version() are intentionally undocumented (reasons provided by jsing@) --- src/lib/libssl/man/SSL_get_version.3 | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/src/lib/libssl/man/SSL_get_version.3 b/src/lib/libssl/man/SSL_get_version.3 index f8999d8695..cc4297c5ba 100644 --- a/src/lib/libssl/man/SSL_get_version.3 +++ b/src/lib/libssl/man/SSL_get_version.3 @@ -1,5 +1,6 @@ -.\" $OpenBSD: SSL_get_version.3,v 1.6 2019/01/21 12:35:33 schwarze Exp $ -.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" $OpenBSD: SSL_get_version.3,v 1.7 2019/03/18 18:31:15 schwarze Exp $ +.\" full merge up to: OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 .\" .\" This file was written by Lutz Jaenicke . .\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project. All rights reserved. @@ -48,12 +49,18 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 21 2019 $ +.Dd $Mdocdate: March 18 2019 $ .Dt SSL_GET_VERSION 3 .Os .Sh NAME .Nm SSL_get_version , .Nm SSL_version +.\" The following are intentionally undocumented because +.\" - the longer term plan is to remove them +.\" - nothing appears to be using them in the wild +.\" - and they have the wrong namespace prefix +.\" Nm TLS1_get_version +.\" Nm TLS1_get_client_version .Nd get the protocol version of a connection .Sh SYNOPSIS .In openssl/ssl.h @@ -68,6 +75,9 @@ returns the name of the protocol used for the connection .Pp .Fn SSL_version returns an integer constant representing that protocol. +.Pp +These functions only return reliable results +after the initial handshake has been completed. .Sh RETURN VALUES The following strings or integers can be returned: .Bl -tag -width Ds @@ -82,7 +92,8 @@ The connection uses the TLSv1.3 protocol. .It Qo DTLSv1 Qc No or Dv DTLS1_VERSION The connection uses the Datagram Transport Layer Security 1.0 protocol. .It Qq unknown -This indicates that no version has been set (no connection established). +This indicates an unknown protocol version; +it cannot currently happen with LibreSSL. .El .Sh SEE ALSO .Xr ssl 3 -- cgit v1.2.3-55-g6feb