From de5e2cb541699e11a2b82de1d7f98f62bc207a1d Mon Sep 17 00:00:00 2001 From: raja-ashok Date: Wed, 13 May 2020 23:37:14 +0530 Subject: [PATCH] Update early data exchange scenarios in doc Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/11816) (cherry picked from commit b2a5001d954e81e2a582f2a935212ab554a3cbbe) --- doc/man3/SSL_read_early_data.pod | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index c51fe1359d..d3552c928b 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -58,10 +58,11 @@ SSL_set_allow_early_data_cb These functions are used to send and receive early data where TLSv1.3 has been negotiated. Early data can be sent by the client immediately after its initial ClientHello without having to wait for the server to complete the handshake. -Early data can only be sent if a session has previously been established with -the server, and the server is known to support it. Additionally these functions -can be used to send data from the server to the client when the client has not -yet completed the authentication stage of the handshake. +Early data can be sent if a session has previously been established with the +server or when establishing a new session using an out-of-band PSK, and only +when the server is known to support it. Additionally these functions can be used +to send data from the server to the client when the client has not yet completed +the authentication stage of the handshake. Early data has weaker security properties than other data sent over an SSL/TLS connection. In particular the data does not have forward secrecy. There are also -- 2.25.1