From: Matt Caswell Date: Thu, 23 Mar 2017 11:56:46 +0000 (+0000) Subject: Tweak SSL_get_session.pod wording X-Git-Tag: OpenSSL_1_1_1-pre1~1657 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=35ea9edfb255aa3faab69afd4f2bd2fd64dafd4b;p=openssl Tweak SSL_get_session.pod wording Based on feedback received. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3008) --- diff --git a/doc/man3/SSL_get_session.pod b/doc/man3/SSL_get_session.pod index 33b365d337..b2e92af2ef 100644 --- a/doc/man3/SSL_get_session.pod +++ b/doc/man3/SSL_get_session.pod @@ -26,19 +26,19 @@ count of the B is incremented by one. =head1 NOTES The ssl session contains all information required to re-establish the -connection without a full handshake for SSL versions <= TLSv1.2. In TLSv1.3 the -same is true, but sessions are established after the main handshake has occurred. -The server will send the session information to the client at a time of its -choosing which may be some while after the initial connection is established (or -not at all). Calling these functions on the client side in TLSv1.3 before the -session has been established will still return an SSL_SESSION object but it -cannot be used for resuming the session. See L for -information on how to determine whether an SSL_SESSION object can be used for -resumption or not. - -Additionally, in TLSv1.3, a server can send multiple session messages for a -single connection. In that case the above functions will only return information -on the last session that was received. +connection without a full handshake for SSL versions up to and including +TLSv1.2. In TLSv1.3 the same is true, but sessions are established after the +main handshake has occurred. The server will send the session information to the +client at a time of its choosing, which may be some while after the initial +connection is established (or never). Calling these functions on the client side +in TLSv1.3 before the session has been established will still return an +SSL_SESSION object but that object cannot be used for resuming the session. See +L for information on how to determine whether an +SSL_SESSION object can be used for resumption or not. + +Additionally, in TLSv1.3, a server can send multiple messages that establish a +session for a single connection. In that case the above functions will only +return information on the last session that was received. The preferred way for applications to obtain a resumable SSL_SESSION object is to use a new session callback as described in L.