History log of /openssl/doc/man3/SSL_read_early_data.pod (Results 1 – 25 of 26)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# da1c088f 07-Sep-2023 Matt Caswell

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes


# d6e7ebba 26-Jun-2023 Hugo Landau

Minor fixes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/op

Minor fixes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...


# 82a2beca 16-Jan-2023 Hugo Landau

QUIC SSL: Prohibit early data functionailty

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(M

QUIC SSL: Prohibit early data functionailty

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...


Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5
# 8c1cbc72 29-Jun-2020 Gustaf Neumann

Fix typos and repeated words

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from ht

Fix typos and repeated words

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12320)

show more ...


Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3
# 00c405b3 04-Jun-2020 Matt Caswell

Update copyright year

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12043)


Revision tags: openssl-3.0.0-alpha2
# b2a5001d 13-May-2020 raja-ashok

Update early data exchange scenarios in doc

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/1

Update early data exchange scenarios in doc

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11816)

show more ...


Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u
# 6e4618a0 04-Oct-2019 Rich Salz

Fix L<> entries without sections

Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226

Also remove two reference

Fix L<> entries without sections

Add sections (almost always "(3)" to L<> references that were missing
them. Among other things, this
Fixes: #10226

Also remove two references to non-existant manpages that have never
existed, and with the 3.0 structure, are unlikely to do so.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10240)

show more ...


# 9c0586d5 27-Sep-2019 Rich Salz

Fix errors found by new find-doc-nits

Also patch find-doc-nits to ignore a Microsoft trademark and not
flag it as a spelling error.

Reviewed-by: Richard Levitte <levitte@openssl

Fix errors found by new find-doc-nits

Also patch find-doc-nits to ignore a Microsoft trademark and not
flag it as a spelling error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10023)

show more ...


Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b
# df443918 31-Jan-2019 Sam Roberts

Remove unnecessary trailing whitespace

Trim trailing whitespace. It doesn't match OpenSSL coding standards,
AFAICT, and it can cause problems with git tooling.

Trailing whitespa

Remove unnecessary trailing whitespace

Trim trailing whitespace. It doesn't match OpenSSL coding standards,
AFAICT, and it can cause problems with git tooling.

Trailing whitespace remains in test data and external source.

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8092)

show more ...


# 4746f25a 06-Dec-2018 Richard Levitte

Following the license change, modify the boilerplates in doc/man3/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/78

Following the license change, modify the boilerplates in doc/man3/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7829)

show more ...


Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i
# b5cd751c 18-Jul-2018 Matt Caswell

Add a note about aborts encountered while sending early_data

In some circumstances it is possible for a client to have a session
reporting a max early data value that is greater than the

Add a note about aborts encountered while sending early_data

In some circumstances it is possible for a client to have a session
reporting a max early data value that is greater than the server will
support. In such cases the client could encounter an aborted connection.

Fixes #6735

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/6740)

show more ...


# 2ce71b60 05-Jul-2018 Matt Caswell

Document SSL_CTX_set_recv_max_early_data() etc

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6655)


Revision tags: OpenSSL_1_1_1-pre8
# dc7a3543 07-Jun-2018 Matt Caswell

Document the new early data callback and option

Document SSL_OP_NO_ANTI_REPLAY and SSL_CTX_set_allow_early_data_cb()

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-b

Document the new early data callback and option

Document SSL_OP_NO_ANTI_REPLAY and SSL_CTX_set_allow_early_data_cb()

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6469)

show more ...


# 41145c35 22-Jun-2018 Matt Caswell

Document changes to SSL_OP_NO_TICKET for TLSv1.3

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/

Document changes to SSL_OP_NO_TICKET for TLSv1.3

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6563)

show more ...


Revision tags: OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3
# b0edda11 20-Mar-2018 Matt Caswell

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5689)


# 8a5ed9dc 19-Mar-2018 Tomas Mraz

Apply system_default configuration on SSL_CTX_new().

When SSL_CTX is created preinitialize it with system default
configuration from system_default section.

Reviewed-by: Tim Hud

Apply system_default configuration on SSL_CTX_new().

When SSL_CTX is created preinitialize it with system default
configuration from system_default section.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4848)

show more ...


# d2d67a4c 16-Mar-2018 Matt Caswell

Document the replay protection capabilities

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5644)


# c39e4048 28-Feb-2018 Benjamin Kaduk

Do not set a nonzero default max_early_data

When early data support was first added, this seemed like a good
idea, as it would allow applications to just add SSL_read_early_data()
ca

Do not set a nonzero default max_early_data

When early data support was first added, this seemed like a good
idea, as it would allow applications to just add SSL_read_early_data()
calls as needed and have things "Just Work". However, for applications
that do not use TLS 1.3 early data, there is a negative side effect.
Having a nonzero max_early_data in a SSL_CTX (and thus, SSL objects
derived from it) means that when generating a session ticket,
tls_construct_stoc_early_data() will indicate to the client that
the server supports early data. This is true, in that the implementation
of TLS 1.3 (i.e., OpenSSL) does support early data, but does not
necessarily indicate that the server application supports early data,
when the default value is nonzero. In this case a well-intentioned
client would send early data along with its resumption attempt, which
would then be ignored by the server application, a waste of network
bandwidth.

Since, in order to successfully use TLS 1.3 early data, the application
must introduce calls to SSL_read_early_data(), it is not much additional
burden to require that the application also calls
SSL_{CTX_,}set_max_early_data() in order to enable the feature; doing
so closes this scenario where early data packets would be sent on
the wire but ignored.

Update SSL_read_early_data.pod accordingly, and make s_server and
our test programs into applications that are compliant with the new
requirements on applications that use early data.

Fixes #4725

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5483)

show more ...


Revision tags: OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1
# c6a623ad 27-Dec-2017 Matt Caswell

Update the documentation for SSL_write_early_data()

Now that we attempt to send early data in the first TCP packet along with
the ClientHello, the documentation for SSL_write_early_data(

Update the documentation for SSL_write_early_data()

Now that we attempt to send early data in the first TCP packet along with
the ClientHello, the documentation for SSL_write_early_data() needed a
tweak.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4802)

show more ...


Revision tags: OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g
# f4411faa 10-Sep-2017 FdaSilvaYY

Various typo

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4457)


# 0ef28021 31-Aug-2017 Matt Caswell

Various review fixes for PSK early_data support

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)


# e17e1df7 13-Jul-2017 Matt Caswell

Add documentation for SSL_SESSION_set_max_early_data()

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3926)


# 0299f3f7 18-Jul-2017 Matt Caswell

Add some performance notes about early data

In particular add information about the effect of Nagle's algorithm on
early data.

Fixes #3906

Reviewed-by: Ben Kaduk <kaduk

Add some performance notes about early data

In particular add information about the effect of Nagle's algorithm on
early data.

Fixes #3906

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3955)

show more ...


Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f
# 27b138e9 19-May-2017 Josh Soref

Fix spelling errors in manpages

spelling: algorithm
spelling: anyway
spelling: assigned
spelling: authenticated
spelling: callback
spelling: certificate
spelling: com

Fix spelling errors in manpages

spelling: algorithm
spelling: anyway
spelling: assigned
spelling: authenticated
spelling: callback
spelling: certificate
spelling: compatibility
spelling: configuration
spelling: digest
spelling: encrypted
spelling: function
spelling: output
spelling: receive
spelling: renegotiation
spelling: signing
spelling: similar
spelling: string

(Merged from https://github.com/openssl/openssl/pull/3580)Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3580)

show more ...


Revision tags: OpenSSL-fips-2_0_16
# a8e75d56 30-Mar-2017 Kazuki Yamaguchi

Fix a typo in the SSL_get_max_early_data() declarations

SSL_get_max_early_data() recently added by 3fc8d856105e ("Construct the
ticket_early_data_info extension", 2017-02-17) is supposed

Fix a typo in the SSL_get_max_early_data() declarations

SSL_get_max_early_data() recently added by 3fc8d856105e ("Construct the
ticket_early_data_info extension", 2017-02-17) is supposed to take an
SSL, but it doesn't.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3113)

show more ...


12