root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Tweak SSL_get_session.pod wording 

Based on feedback received.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3008)
This commit is contained in:
Matt Caswell 2017-03-23 11:56:46 +00:00
parent 150840b944
commit 35ea9edfb2
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
doc/man3/SSL_get_session.pod
View File

@ -26,19 +26,19 @@ count of the B<SSL_SESSION> is incremented by one.
=head1 NOTES
The ssl session contains all information required to re-establish the
connection without a full handshake for SSL versions <= TLSv1.2. In TLSv1.3 the
same is true, but sessions are established after the main handshake has occurred.
The server will send the session information to the client at a time of its
choosing which may be some while after the initial connection is established (or
not at all). Calling these functions on the client side in TLSv1.3 before the
session has been established will still return an SSL_SESSION object but it
cannot be used for resuming the session. See L<SSL_SESSION_is_resumable(3)> for
information on how to determine whether an SSL_SESSION object can be used for
resumption or not.
connection without a full handshake for SSL versions up to and including
TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the
main handshake has occurred. The server will send the session information to the
client at a time of its choosing, which may be some while after the initial
connection is established (or never). Calling these functions on the client side
in TLSv1.3 before the session has been established will still return an
SSL_SESSION object but that object cannot be used for resuming the session. See
L<SSL_SESSION_is_resumable(3)> for information on how to determine whether an
SSL_SESSION object can be used for resumption or not.
Additionally, in TLSv1.3, a server can send multiple session messages for a
single connection. In that case the above functions will only return information
on the last session that was received.
Additionally, in TLSv1.3, a server can send multiple messages that establish a
session for a single connection. In that case the above functions will only
return information on the last session that was received.
The preferred way for applications to obtain a resumable SSL_SESSION object is
to use a new session callback as described in L<SSL_CTX_sess_set_new_cb(3)>.