From 5524d40acf961013f38896fe442ee48e3dcd47ac Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 13 Jul 2018 07:10:11 +0200 Subject: doc: minor text updates Updated text for gnutls_session_ext_master_secret_status and for GNUTLS_NO_EXTENSIONS flag which is defunc. Signed-off-by: Nikos Mavrogiannopoulos --- lib/includes/gnutls/gnutls.h.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/includes') diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index f57d0d7cc7..52e9727486 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -377,7 +377,7 @@ typedef enum { * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS). Since 3.0.0. * @GNUTLS_NONBLOCK: Connection should not block. Since 3.0.0. * @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2). - * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2). + * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2). As TLS 1.2 and later require extensions this option is considered obsolete and should not be used. * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS. This must only be used if replay protection is achieved using other means. Since 3.2.2. * @GNUTLS_ALLOW_ID_CHANGE: Allow the peer to replace its certificate, or change its ID during a rehandshake. This change is often used in attacks and thus prohibited by default. Since 3.5.0. * @GNUTLS_ENABLE_FALSE_START: Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanged; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start. Since 3.5.0. -- cgit v1.2.1