root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3 

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11816)

(cherry picked from commit e0bcb4f97f)
This commit is contained in:
raja-ashok 2020-05-13 23:32:44 +05:30 committed by Benjamin Kaduk
parent 5cea5841c7
commit 76b0d1f0db
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/man3/SSL_CTX_set_psk_client_callback.pod
View File

@ -123,7 +123,9 @@ and it will use that in preference. If no such callback is present then it will
check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or
SSL_set_psk_client_callback() and use that. In this case the B<hint> value will
always be NULL and the handshake digest will default to SHA-256 for any returned
PSK.
PSK. TLSv1.3 early data exchanges are possible in PSK connections only with the
B<SSL_psk_use_session_cb_func> callback, and are not possible with the
B<SSL_psk_client_cb_func> callback.
=head1 NOTES

4
doc/man3/SSL_CTX_use_psk_identity_hint.pod
View File

@ -83,7 +83,9 @@ via SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback
and it will use that in preference. If no such callback is present then it will
check to see if a callback has been set via SSL_CTX_set_psk_server_callback() or
SSL_set_psk_server_callback() and use that. In this case the handshake digest
will default to SHA-256 for any returned PSK.
will default to SHA-256 for any returned PSK. TLSv1.3 early data exchanges are
possible in PSK connections only with the B<SSL_psk_find_session_cb_func>
callback, and are not possible with the B<SSL_psk_server_cb_func> callback.
=head1 NOTES