Document the effect of SSL_OP_CLEANSE_PLAINTEXT on send stream data

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21311)
Tomas Mraz 2023-06-28 17:12:13 +02:00 committed by Pauli
parent 292c9df266
commit 42926ca7f2

@ -129,7 +129,7 @@ connection. Only available when using the deprecated DTLSv1_client_method() API.
=item SSL_OP_CLEANSE_PLAINTEXT
By default TLS connections keep a copy of received plaintext
By default TLS and QUIC SSL objects keep a copy of received plaintext
application data in a static buffer until it is overwritten by the
next portion of data. When enabling SSL_OP_CLEANSE_PLAINTEXT
deciphered application data is cleansed by calling OPENSSL_cleanse(3)
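Review bot: The new wording "TLS and QUIC SSL objects keep a copy of received plaintext" covers every QUIC SSL object, but the paragraph added further down says the option "has no effect on QUIC connection objects (except where a default stream is being used)". Consider narrowing this sentence to "TLS connections and QUIC stream objects" so the two statements agree and a reader does not assume that setting the option on a QUIC connection object protects received data on all of its streams.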
@ -141,6 +141,14 @@ responsible for cleansing all other buffers. Most notably, this
applies to buffers passed to functions like L<SSL_read(3)>,
L<SSL_peek(3)> but also like L<SSL_write(3)>.
TLS connections do not buffer data to be sent in plaintext. QUIC stream
objects do buffer plaintext data to be sent and this option will also cause
that data to be cleansed when it is discarded.
This option can be set differently on individual QUIC stream objects and
has no effect on QUIC connection objects (except where a default stream is
being used).
=item SSL_OP_COOKIE_EXCHANGE
Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. Only affects
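Review bot: In the added paragraph, "cleansed when it is discarded" does not say when buffered send data is discarded, so a reader who relies on this option for secret handling cannot tell how long plaintext passed to SSL_write(3) may stay in the QUIC send buffer. Please state the event that triggers the discard. The next sentence, "This option can be set differently on individual QUIC stream objects", would also benefit from saying whether a newly created stream starts with the connection's options or with the option cleared, since the text says setting it on the connection object itself has no effect.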