diff options
author | Matt Caswell <matt@openssl.org> | 2017-03-23 11:56:46 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2017-04-26 16:46:46 +0100 |
commit | 35ea9edfb255aa3faab69afd4f2bd2fd64dafd4b (patch) | |
tree | 2d7d5bd2a6b955b9d848be1363d534f80edb13df /doc | |
parent | 150840b9443d371bfa26e2a33051aa137b5606fc (diff) |
Tweak SSL_get_session.pod wording
Based on feedback received.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3008)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/SSL_get_session.pod | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/doc/man3/SSL_get_session.pod b/doc/man3/SSL_get_session.pod index 33b365d337..b2e92af2ef 100644 --- a/doc/man3/SSL_get_session.pod +++ b/doc/man3/SSL_get_session.pod @@ -26,19 +26,19 @@ count of the B<SSL_SESSION> is incremented by one. =head1 NOTES The ssl session contains all information required to re-establish the -connection without a full handshake for SSL versions <= TLSv1.2. In TLSv1.3 the -same is true, but sessions are established after the main handshake has occurred. -The server will send the session information to the client at a time of its -choosing which may be some while after the initial connection is established (or -not at all). Calling these functions on the client side in TLSv1.3 before the -session has been established will still return an SSL_SESSION object but it -cannot be used for resuming the session. See L<SSL_SESSION_is_resumable(3)> for -information on how to determine whether an SSL_SESSION object can be used for -resumption or not. - -Additionally, in TLSv1.3, a server can send multiple session messages for a -single connection. In that case the above functions will only return information -on the last session that was received. +connection without a full handshake for SSL versions up to and including +TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the +main handshake has occurred. The server will send the session information to the +client at a time of its choosing, which may be some while after the initial +connection is established (or never). Calling these functions on the client side +in TLSv1.3 before the session has been established will still return an +SSL_SESSION object but that object cannot be used for resuming the session. See +L<SSL_SESSION_is_resumable(3)> for information on how to determine whether an +SSL_SESSION object can be used for resumption or not. + +Additionally, in TLSv1.3, a server can send multiple messages that establish a +session for a single connection. In that case the above functions will only +return information on the last session that was received. The preferred way for applications to obtain a resumable SSL_SESSION object is to use a new session callback as described in L<SSL_CTX_sess_set_new_cb(3)>. |