mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
Document the effect of SSL_OP_CLEANSE_PLAINTEXT on send stream data
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21311)
parent 292c9df266
commit 42926ca7f2
@ -129,7 +129,7 @@ connection. Only available when using the deprecated DTLSv1_client_method() API.
|
||||
|
||||
=item SSL_OP_CLEANSE_PLAINTEXT
|
||||
|
||||
By default TLS connections keep a copy of received plaintext
|
||||
By default TLS and QUIC SSL objects keep a copy of received plaintext
|
||||
application data in a static buffer until it is overwritten by the
|
||||
next portion of data. When enabling SSL_OP_CLEANSE_PLAINTEXT
|
||||
deciphered application data is cleansed by calling OPENSSL_cleanse(3)
|
||||
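Review bot: the replacement line "By default TLS and QUIC SSL objects keep a copy of received plaintext" widens the subject, but the unchanged continuation still reads "in a static buffer until it is overwritten by the next portion of data", wording that was written for TLS connections. Please confirm that this describes how received QUIC data is held, or reword the continuation. "QUIC SSL objects" is also broader than the text added later in this patch, which says the option has no effect on QUIC connection objects; "QUIC stream objects" would be consistent with it.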
@ -141,6 +141,14 @@ responsible for cleansing all other buffers. Most notably, this
|
||||
applies to buffers passed to functions like L<SSL_read(3)>,
|
||||
L<SSL_peek(3)> but also like L<SSL_write(3)>.
|
||||
|
||||
TLS connections do not buffer data to be sent in plaintext. QUIC stream
|
||||
objects do buffer plaintext data to be sent and this option will also cause
|
||||
that data to be cleansed when it is discarded.
|
||||
|
||||
This option can be set differently on individual QUIC stream objects and
|
||||
has no effect on QUIC connection objects (except where a default stream is
|
||||
being used).
|
||||
|
||||
=item SSL_OP_COOKIE_EXCHANGE
|
||||
|
||||
Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects
|
||||
|
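Review bot: in the first added paragraph, "cleansed when it is discarded" does not say what causes buffered send data to be discarded, so a reader cannot tell how long plaintext handed to SSL_write(3) stays in the stream's send buffer. Suggest naming the discard condition. In the second added paragraph, "except where a default stream is being used" would benefit from an L<> cross-reference to the page that documents default streams, and from stating whether setting the option on the connection object then applies to that default stream.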