[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Tue Sep 4 10:35:12 UTC 2018 

The branch master has been updated
       via  8ec2bde994c272f7b14b4cc4d9232f38b9211cb1 (commit)
      from  b2c4909c208994a94b4b09e1c34316c889985bb0 (commit)


- Log -----------------------------------------------------------------
commit 8ec2bde994c272f7b14b4cc4d9232f38b9211cb1
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Sep 3 11:57:33 2018 +0100

    Clarify the return value of SSL_client_version()
    
    The SSL_client_version() function returns the value held in the
    legacy_version field of the ClientHello. This is never greater than
    TLSv1.2, even if TLSv1.3 later gets negotiated.
    
    Fixes #7079
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7095)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/SSL_get_version.pod | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/doc/man3/SSL_get_version.pod b/doc/man3/SSL_get_version.pod
index 9b49242..b0aaba3 100644
--- a/doc/man3/SSL_get_version.pod
+++ b/doc/man3/SSL_get_version.pod
@@ -19,17 +19,20 @@ protocol information of a connection
 
 =head1 DESCRIPTION
 
-SSL_client_version() returns the protocol version used by the client when
-initiating the connection. SSL_get_version() returns the name of the protocol
-used for the connection. SSL_version() returns the protocol version used for the
-connection. They should only be called after the initial handshake has been
-completed. Prior to that the results returned from these functions may be
-unreliable.
+SSL_client_version() returns the numeric protocol version advertised by the
+client in the legacy_version field of the ClientHello when initiating the
+connection. Note that, for TLS, this value will never indicate a version greater
+than TLSv1.2 even if TLSv1.3 is subsequently negotiated. SSL_get_version()
+returns the name of the protocol used for the connection. SSL_version() returns
+the numeric protocol version used for the connection. They should only be called
+after the initial handshake has been completed. Prior to that the results
+returned from these functions may be unreliable.
 
 SSL_is_dtls() returns one if the connection is using DTLS, zero if not.
 
 =head1 RETURN VALUES
 
+
 SSL_get_version() returns one of the following strings:
 
 =over 4
@@ -60,8 +63,8 @@ This indicates an unknown protocol version.
 
 =back
 
-SSL_version() and SSL_client_version() return an integer which could include any of
-the following:
+SSL_version() and SSL_client_version() return an integer which could include any
+of the following:
 
 =over 4
 
@@ -83,7 +86,8 @@ The connection uses the TLSv1.2 protocol.
 
 =item TLS1_3_VERSION
 
-The connection uses the TLSv1.3 protocol.
+The connection uses the TLSv1.3 protocol (never returned for
+SSL_client_version()).
 
 =back

More information about the openssl-commits mailing list