diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-14 19:32:22 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-15 10:07:57 +0200 |
| commit | 45447d974c21665fae9e546b3857aefdf83f9d06 (patch) | |
| tree | 8bc10cbb51eb4c785ffa0e9097f49467211ecd82 /doc | |
| parent | 9cf6fae67a08e2e67bb0f0fa8bf83180aa974f32 (diff) | |
| download | gnutls-45447d974c21665fae9e546b3857aefdf83f9d06.tar.gz | |
doc: updated documentation on false start
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/cha-intro-tls.texi | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi index 554db52181..60c289640e 100644 --- a/doc/cha-intro-tls.texi +++ b/doc/cha-intro-tls.texi @@ -645,18 +645,19 @@ Other helper functions are listed below. The TLS protocol was extended in @xcite{draft-ietf-tls-falsestart-01} to allow the client to send data to server in a single round trip. This change however operates on the borderline -of the TLS protocol security assumptions and should be used for the cases where the reduced +of the TLS protocol security guarrantees and should be used for the cases where the reduced latency outperforms the risk of an adversary intercepting the transferred data. In GnuTLS -applications can use @funcref{gnutls_handshake_set_false_start_function} to set -a function to be called prior to handshake completion. Typically the function will be used -to send the required data. - -Note however, that the API ensures that function set will be called, even -if the false start guarrantees are not satisfied. In that case the function will be called -after the full handshake completion. To verify that false start was used you may use -@funcref{gnutls_session_get_flags} and check for the @acronym{GNUTLS_SFLAGS_FALSE_START} flag. - -@showfuncdesc{gnutls_handshake_set_false_start_function} +applications can use the @acronym{GNUTLS_ENABLE_FALSE_START} as option to @funcref{gnutls_init} +to request an early return of the @funcref{gnutls_handshake} function. After that early +return the application is expected to transfer any data to be piggybacked on the last handshake +message. + +Note however, that the API ensures that the early return will not happen +if the false start requirements are not satisfied. That is on ciphersuites which are not +whitelisted for false start (see @xcite{draft-ietf-tls-falsestart-01}), the handshake +process will complete properly (i.e., no early return). To verify that false start was used you +may use @funcref{gnutls_session_get_flags} and check for the @acronym{GNUTLS_SFLAGS_FALSE_START} +flag. @node Application Layer Protocol Negotiation (ALPN) @subsection Application Layer Protocol Negotiation (ALPN) |