mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2025-01-12 23:46:17 +01:00
Update documentation of g_tls_client_connection_set_use_ssl3()
We now send the fallback SCSV, meaning use of this function will cause modern servers to immediately terminate the connection, so let's warn API users to expect that behavior and be crystal clear that this function should only be used as a fallback when a normal connection attempt has already failed. Also, the documentation is mostly duplicated between the property and the function, so let's just reference the function documentation from the property.
parent
94a99ae917
commit
08fe93589e
@ -105,14 +105,7 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
|
|||||||
*
|
*
|
||||||
* If %TRUE, forces the connection to use a fallback version of TLS
|
* If %TRUE, forces the connection to use a fallback version of TLS
|
||||||
* or SSL, rather than trying to negotiate the best version of TLS
|
* or SSL, rather than trying to negotiate the best version of TLS
|
||||||
* to use. This can be used when talking to servers that don't
|
* to use. See g_tls_client_connection_set_use_ssl3().
|
||||||
* implement version negotiation correctly and therefore refuse to
|
|
||||||
* handshake at all with a modern TLS handshake.
|
|
||||||
*
|
|
||||||
* Despite the property name, the fallback version is usually not
|
|
||||||
* SSL 3.0, because SSL 3.0 is generally disabled by the #GTlsBackend.
|
|
||||||
* #GTlsClientConnection will use the next-highest available version
|
|
||||||
* as the fallback version.
|
|
||||||
*
|
*
|
||||||
* Since: 2.28
|
* Since: 2.28
|
||||||
*
|
*
|
||||||
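Review bot: The retained summary in the property documentation still says "a fallback version of TLS or SSL", but the paragraph explaining that the fallback is usually not SSL 3.0 is removed, so a reader who stops at the property sees only the misleading half. Consider dropping "or SSL" here, or keeping a one-line hint next to the new reference to g_tls_client_connection_set_use_ssl3() that the fallback is usually not SSL 3.0 despite the name. The property text also gives no hint that setting it can make modern servers terminate the connection; a short pointer to that warning would help callers who read only the property documentation.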
@ -304,14 +297,19 @@ g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
|
|||||||
* @conn: the #GTlsClientConnection
|
* @conn: the #GTlsClientConnection
|
||||||
* @use_ssl3: whether to use the lowest-supported protocol version
|
* @use_ssl3: whether to use the lowest-supported protocol version
|
||||||
*
|
*
|
||||||
* If @use_ssl3 is %TRUE, this forces @conn to use the lowest-supported
|
* Since 2.42.1, if @use_ssl3 is %TRUE, this forces @conn to use the
|
||||||
* TLS protocol version rather than trying to properly negotiate the
|
* lowest-supported TLS protocol version rather than trying to properly
|
||||||
* highest mutually-supported protocol version with the peer. This can
|
* negotiate the highest mutually-supported protocol version with the
|
||||||
* be used when talking to broken TLS servers that exhibit protocol
|
* peer. Be aware that SSL 3.0 is generally disabled by the
|
||||||
* version intolerance.
|
* #GTlsBackend, so the lowest-supported protocol version is probably
|
||||||
|
* not SSL 3.0.
|
||||||
*
|
*
|
||||||
* Be aware that SSL 3.0 is generally disabled by the #GTlsBackend, so
|
* Since 2.58, this may additionally cause an RFC 7507 fallback SCSV to
|
||||||
* the lowest-supported protocol version is probably not SSL 3.0.
|
* be sent to the server, causing modern TLS servers to immediately
|
||||||
|
* terminate the connection. You should generally only use this function
|
||||||
|
* if you need to connect to broken servers that exhibit TLS protocol
|
||||||
|
* version intolerance, and when an initial attempt to connect to a
|
||||||
|
* server normally has already failed.
|
||||||
*
|
*
|
||||||
* Since: 2.28
|
* Since: 2.28
|
||||||
*
|
*
|
||||||
|
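Review bot: The first paragraph of the function documentation now opens with "Since 2.42.1", yet the tag below still reads "Since: 2.28" and nothing describes what the function did between 2.28 and 2.42.1; add a sentence covering the earlier behavior or say that it is unspecified. In the new second paragraph, "may additionally cause" does not tell the caller what decides whether the RFC 7507 fallback SCSV is sent; state what it depends on. The advice to use the function only "when an initial attempt to connect to a server normally has already failed" would be stronger if it named which kind of failure justifies the retry, because as written a caller could fall back after any connection error, including ones unrelated to protocol version intolerance.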