From 35ea9edfb255aa3faab69afd4f2bd2fd64dafd4b Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 23 Mar 2017 11:56:46 +0000 Subject: [PATCH] Tweak SSL_get_session.pod wording Based on feedback received. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3008) --- doc/man3/SSL_get_session.pod | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/doc/man3/SSL_get_session.pod b/doc/man3/SSL_get_session.pod index 33b365d337..b2e92af2ef 100644 --- a/doc/man3/SSL_get_session.pod +++ b/doc/man3/SSL_get_session.pod @@ -26,19 +26,19 @@ count of the B is incremented by one. =head1 NOTES The ssl session contains all information required to re-establish the -connection without a full handshake for SSL versions <= TLSv1.2. In TLSv1.3 the -same is true, but sessions are established after the main handshake has occurred. -The server will send the session information to the client at a time of its -choosing which may be some while after the initial connection is established (or -not at all). Calling these functions on the client side in TLSv1.3 before the -session has been established will still return an SSL_SESSION object but it -cannot be used for resuming the session. See L for -information on how to determine whether an SSL_SESSION object can be used for -resumption or not. - -Additionally, in TLSv1.3, a server can send multiple session messages for a -single connection. In that case the above functions will only return information -on the last session that was received. +connection without a full handshake for SSL versions up to and including +TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the +main handshake has occurred. The server will send the session information to the +client at a time of its choosing, which may be some while after the initial +connection is established (or never). Calling these functions on the client side +in TLSv1.3 before the session has been established will still return an +SSL_SESSION object but that object cannot be used for resuming the session. See +L for information on how to determine whether an +SSL_SESSION object can be used for resumption or not. + +Additionally, in TLSv1.3, a server can send multiple messages that establish a +session for a single connection. In that case the above functions will only +return information on the last session that was received. The preferred way for applications to obtain a resumable SSL_SESSION object is to use a new session callback as described in L. -- 2.25.1