mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2024-12-25 15:06:14 +01:00
Update documentation of g_tls_client_connection_set_use_ssl3()
We now send the fallback SCSV, meaning use of this function will cause modern servers to immediately terminate the connection, so let's warn API users to expect that behavior and be crystal clear that this function should only be used as a fallback when a normal connection attempt has already failed. Also, the documentation is mostly duplicated between the property and the function, so let's just reference the function documentation from the property.
parent 94a99ae917
commit 08fe93589e
@ -105,14 +105,7 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
|
||||
*
|
||||
* If %TRUE, forces the connection to use a fallback version of TLS
|
||||
* or SSL, rather than trying to negotiate the best version of TLS
|
||||
* to use. This can be used when talking to servers that don't
|
||||
* implement version negotiation correctly and therefore refuse to
|
||||
* handshake at all with a modern TLS handshake.
|
||||
*
|
||||
* Despite the property name, the fallback version is usually not
|
||||
* SSL 3.0, because SSL 3.0 is generally disabled by the #GTlsBackend.
|
||||
* #GTlsClientConnection will use the next-highest available version
|
||||
* as the fallback version.
|
||||
* to use. See g_tls_client_connection_set_use_ssl3().
|
||||
*
|
||||
* Since: 2.28
|
||||
*
|
||||
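Review bot: In the property comment, the one sentence that remains ("forces the connection to use a fallback version of TLS or SSL ... to use. See g_tls_client_connection_set_use_ssl3().") carries none of the caution the commit message wants to be crystal clear about. Someone who sets the property through g_object_set() or a language binding reads only this text, so I would add a short clause before the cross-reference saying that this is meant for a retry after a normal connection attempt has failed and that modern servers may terminate the connection. Separately, "TLS or SSL" stays here while the sentences explaining that the fallback is usually not SSL 3.0 are dropped from the property; either drop "or SSL" or keep that one sentence so the property text is not misleading on its own.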
@ -304,14 +297,19 @@ g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
|
||||
* @conn: the #GTlsClientConnection
|
||||
* @use_ssl3: whether to use the lowest-supported protocol version
|
||||
*
|
||||
* If @use_ssl3 is %TRUE, this forces @conn to use the lowest-supported
|
||||
* TLS protocol version rather than trying to properly negotiate the
|
||||
* highest mutually-supported protocol version with the peer. This can
|
||||
* be used when talking to broken TLS servers that exhibit protocol
|
||||
* version intolerance.
|
||||
* Since 2.42.1, if @use_ssl3 is %TRUE, this forces @conn to use the
|
||||
* lowest-supported TLS protocol version rather than trying to properly
|
||||
* negotiate the highest mutually-supported protocol version with the
|
||||
* peer. Be aware that SSL 3.0 is generally disabled by the
|
||||
* #GTlsBackend, so the lowest-supported protocol version is probably
|
||||
* not SSL 3.0.
|
||||
*
|
||||
* Be aware that SSL 3.0 is generally disabled by the #GTlsBackend, so
|
||||
* the lowest-supported protocol version is probably not SSL 3.0.
|
||||
* Since 2.58, this may additionally cause an RFC 7507 fallback SCSV to
|
||||
* be sent to the server, causing modern TLS servers to immediately
|
||||
* terminate the connection. You should generally only use this function
|
||||
* if you need to connect to broken servers that exhibit TLS protocol
|
||||
* version intolerance, and when an initial attempt to connect to a
|
||||
* server normally has already failed.
|
||||
*
|
||||
* Since: 2.28
|
||||
*
|
||||
|
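Review bot: The new first paragraph opens with "Since 2.42.1, if @use_ssl3 is %TRUE, ..." while the tag below still reads "Since: 2.28", so the comment no longer says what the function did from 2.28 up to 2.42.1; a sentence covering the earlier behaviour, or at least noting that it differed, would close that gap. In the second paragraph, "this may additionally cause an RFC 7507 fallback SCSV to be sent" leaves "may" undefined: state what it depends on (for example the #GTlsBackend in use), and ideally how the resulting termination is reported to the caller, so that code retrying with this flag can tell an SCSV rejection apart from other handshake failures.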