diff options
author | raja-ashok <rashok.svks@gmail.com> | 2020-05-13 23:32:44 +0530 |
---|---|---|
committer | Benjamin Kaduk <kaduk@mit.edu> | 2020-05-19 10:07:24 -0700 |
commit | e0bcb4f97f7496af032013ead15b7472b60e85fa (patch) | |
tree | cacf5f03d81fb71d15b4a18a8996fbf6aa6e8d93 | |
parent | e638112e15c63bfb4ab9bf5af66aa439e5983f23 (diff) | |
download | openssl-e0bcb4f97f7496af032013ead15b7472b60e85fa.zip openssl-e0bcb4f97f7496af032013ead15b7472b60e85fa.tar.gz openssl-e0bcb4f97f7496af032013ead15b7472b60e85fa.tar.bz2 |
Update limitation of psk_client_cb and psk_server_cb in usage with TLSv1.3
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11816)
-rw-r--r-- | doc/man3/SSL_CTX_set_psk_client_callback.pod | 4 | ||||
-rw-r--r-- | doc/man3/SSL_CTX_use_psk_identity_hint.pod | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod b/doc/man3/SSL_CTX_set_psk_client_callback.pod index 55ffb31..70eefa0 100644 --- a/doc/man3/SSL_CTX_set_psk_client_callback.pod +++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod @@ -123,7 +123,9 @@ and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or SSL_set_psk_client_callback() and use that. In this case the B<hint> value will always be NULL and the handshake digest will default to SHA-256 for any returned -PSK. +PSK. TLSv1.3 early data exchanges are possible in PSK connections only with the +B<SSL_psk_use_session_cb_func> callback, and are not possible with the +B<SSL_psk_client_cb_func> callback. =head1 NOTES diff --git a/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/doc/man3/SSL_CTX_use_psk_identity_hint.pod index 937c91a..0e70d4d 100644 --- a/doc/man3/SSL_CTX_use_psk_identity_hint.pod +++ b/doc/man3/SSL_CTX_use_psk_identity_hint.pod @@ -83,7 +83,9 @@ via SSL_CTX_set_psk_find_session_callback() or SSL_set_psk_find_session_callback and it will use that in preference. If no such callback is present then it will check to see if a callback has been set via SSL_CTX_set_psk_server_callback() or SSL_set_psk_server_callback() and use that. In this case the handshake digest -will default to SHA-256 for any returned PSK. +will default to SHA-256 for any returned PSK. TLSv1.3 early data exchanges are +possible in PSK connections only with the B<SSL_psk_find_session_cb_func> +callback, and are not possible with the B<SSL_psk_server_cb_func> callback. A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that L<SSL_session_reused(3)> will return true. |