aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2020-09-25 22:43:14 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2020-09-25 22:43:14 +0000
commit7fc1f569abf7c799c6334297ee020a01b5d3d71e (patch)
tree6494fa45d06ccd27128ac6675e338eb0ee59ac62 /crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod
parent2367fca656edb8ea52e6a2f7d8ef63e3a38966d6 (diff)
downloadsrc-7fc1f569abf7c799c6334297ee020a01b5d3d71e.tar.gz
src-7fc1f569abf7c799c6334297ee020a01b5d3d71e.zip
MFS: r366176
Merge OpenSSL 1.1.1h. Approved by: re (gjb)
Notes
Notes: svn path=/releng/12.2/; revision=366177
Diffstat (limited to 'crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod')
-rw-r--r--crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod8
1 files changed, 5 insertions, 3 deletions
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod b/crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod
index eb4e4f5fa424..0273ccb97a83 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_set_psk_client_callback.pod
@@ -123,7 +123,9 @@ and it will use that in preference. If no such callback is present then it will
check to see if a callback has been set via SSL_CTX_set_psk_client_callback() or
SSL_set_psk_client_callback() and use that. In this case the B<hint> value will
always be NULL and the handshake digest will default to SHA-256 for any returned
-PSK.
+PSK. TLSv1.3 early data exchanges are possible in PSK connections only with the
+B<SSL_psk_use_session_cb_func> callback, and are not possible with the
+B<SSL_psk_client_cb_func> callback.
=head1 NOTES
@@ -133,7 +135,7 @@ A connection established via a TLSv1.3 PSK will appear as if session resumption
has occurred so that L<SSL_session_reused(3)> will return true.
There are no known security issues with sharing the same PSK between TLSv1.2 (or
-below) and TLSv1.3. However the RFC has this note of caution:
+below) and TLSv1.3. However, the RFC has this note of caution:
"While there is no known way in which the same PSK might produce related output
in both versions, only limited analysis has been done. Implementations can
@@ -166,7 +168,7 @@ were added in OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy