diff options
author | Matt Caswell <matt@openssl.org> | 2018-09-03 11:57:33 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-09-04 11:34:40 +0100 |
commit | 8ec2bde994c272f7b14b4cc4d9232f38b9211cb1 (patch) | |
tree | 3731f5c75b82166cc43de862e1b5c6d10ef1c829 | |
parent | b2c4909c208994a94b4b09e1c34316c889985bb0 (diff) | |
download | openssl-8ec2bde994c272f7b14b4cc4d9232f38b9211cb1.zip openssl-8ec2bde994c272f7b14b4cc4d9232f38b9211cb1.tar.gz openssl-8ec2bde994c272f7b14b4cc4d9232f38b9211cb1.tar.bz2 |
Clarify the return value of SSL_client_version()
The SSL_client_version() function returns the value held in the
legacy_version field of the ClientHello. This is never greater than
TLSv1.2, even if TLSv1.3 later gets negotiated.
Fixes #7079
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7095)
-rw-r--r-- | doc/man3/SSL_get_version.pod | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/doc/man3/SSL_get_version.pod b/doc/man3/SSL_get_version.pod index 9b49242..b0aaba3 100644 --- a/doc/man3/SSL_get_version.pod +++ b/doc/man3/SSL_get_version.pod @@ -19,17 +19,20 @@ protocol information of a connection =head1 DESCRIPTION -SSL_client_version() returns the protocol version used by the client when -initiating the connection. SSL_get_version() returns the name of the protocol -used for the connection. SSL_version() returns the protocol version used for the -connection. They should only be called after the initial handshake has been -completed. Prior to that the results returned from these functions may be -unreliable. +SSL_client_version() returns the numeric protocol version advertised by the +client in the legacy_version field of the ClientHello when initiating the +connection. Note that, for TLS, this value will never indicate a version greater +than TLSv1.2 even if TLSv1.3 is subsequently negotiated. SSL_get_version() +returns the name of the protocol used for the connection. SSL_version() returns +the numeric protocol version used for the connection. They should only be called +after the initial handshake has been completed. Prior to that the results +returned from these functions may be unreliable. SSL_is_dtls() returns one if the connection is using DTLS, zero if not. =head1 RETURN VALUES + SSL_get_version() returns one of the following strings: =over 4 @@ -60,8 +63,8 @@ This indicates an unknown protocol version. =back -SSL_version() and SSL_client_version() return an integer which could include any of -the following: +SSL_version() and SSL_client_version() return an integer which could include any +of the following: =over 4 @@ -83,7 +86,8 @@ The connection uses the TLSv1.2 protocol. =item TLS1_3_VERSION -The connection uses the TLSv1.3 protocol. +The connection uses the TLSv1.3 protocol (never returned for +SSL_client_version()). =back |