Clarify the return value of SSL_client_version()

The SSL_client_version() function returns the value held in the
legacy_version field of the ClientHello. This is never greater than
TLSv1.2, even if TLSv1.3 later gets negotiated.

Fixes #7079

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7095)
Matt Caswell 2018-09-03 11:57:33 +01:00
parent b2c4909c20
commit 8ec2bde994

@ -19,17 +19,20 @@ protocol information of a connection
=head1 DESCRIPTION
SSL_client_version() returns the protocol version used by the client when
initiating the connection. SSL_get_version() returns the name of the protocol
used for the connection. SSL_version() returns the protocol version used for the
connection. They should only be called after the initial handshake has been
completed. Prior to that the results returned from these functions may be
unreliable.
SSL_client_version() returns the numeric protocol version advertised by the
client in the legacy_version field of the ClientHello when initiating the
connection. Note that, for TLS, this value will never indicate a version greater
than TLSv1.2 even if TLSv1.3 is subsequently negotiated. SSL_get_version()
returns the name of the protocol used for the connection. SSL_version() returns
the numeric protocol version used for the connection. They should only be called
after the initial handshake has been completed. Prior to that the results
returned from these functions may be unreliable.
SSL_is_dtls() returns one if the connection is using DTLS, zero if not.
=head1 RETURN VALUES
SSL_get_version() returns one of the following strings:
=over 4
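Review bot: the new SSL_client_version() sentence in DESCRIPTION says the value never exceeds TLSv1.2 but does not say where to get the negotiated version. The same paragraph already documents SSL_version() as returning "the numeric protocol version used for the connection", so consider stating explicitly that callers who need to know whether TLSv1.3 was negotiated must use SSL_version(). That guards against code that compares SSL_client_version() against TLS1_3_VERSION and never matches. The "for TLS" qualifier also leaves the DTLS behaviour unstated; a short clause on that would help.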
@ -60,8 +63,8 @@ This indicates an unknown protocol version.
=back
SSL_version() and SSL_client_version() return an integer which could include any of
the following:
SSL_version() and SSL_client_version() return an integer which could include any
of the following:
=over 4
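Review bot: this re-wrapped sentence still says both SSL_version() and SSL_client_version() can return "any of the following", while the TLS1_3_VERSION item further down now says it is never returned for SSL_client_version(). Consider noting the exception here as well, or splitting the sentence per function, so the list introduction and the item text agree.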
@ -83,7 +86,8 @@ The connection uses the TLSv1.2 protocol.
=item TLS1_3_VERSION
The connection uses the TLSv1.3 protocol.
The connection uses the TLSv1.3 protocol (never returned for
SSL_client_version()).
=back
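Review bot: in the TLS1_3_VERSION item, the parenthetical "(never returned for SSL_client_version())" is attached to "The connection uses the TLSv1.3 protocol", which reads oddly because a connection can use TLSv1.3 while SSL_client_version() reports a lower value. A separate sentence, for example "This value is never returned by SSL_client_version().", would be clearer and would match the wording added in DESCRIPTION.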