author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-10-30 18:39:03 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-10-30 18:39:03 +0000 |
commit | 022d8196cb2fee0cf8a1310aa2fbcabc9c463b90 (patch) | |
tree | 99dd02562f68165fea07e8855bf4f4b1e693d7bd | |
parent | fc7d25527f41028f15da216e2ffa087becaf7eff (diff) | |
download | gnutls-022d8196cb2fee0cf8a1310aa2fbcabc9c463b90.tar.gz |
Corrected some things in documentation. Got from Debian bug tracking system, Reported by Ivan Nestlerode <nestler@speakeasy.net>
-rw-r--r-- | doc/tex/auth.tex | 5 |
-rw-r--r-- | doc/tex/handshake.tex | 7 |
-rw-r--r-- | doc/tex/howto.tex | 7 |
3 files changed, 10 insertions, 9 deletions
diff --git a/doc/tex/auth.tex b/doc/tex/auth.tex index b2588938b3..b5d028bfcb 100644 --- a/doc/tex/auth.tex +++ b/doc/tex/auth.tex @@ -29,8 +29,9 @@ the key to be used for signing. Note that key exchange algorithms which use Ephemeral Diffie Hellman parameters, offer perfect forward secrecy. \\ \hline -DHE\_DSS & The DSS\footnote{DSS stands for Digital Signature Standard} algorithm is used to sign Ephemeral Diffie Hellman -parameters which are sent to the peer. +DHE\_DSS & The DSS algorithm is used to sign Ephemeral Diffie Hellman +parameters which are sent to the peer. DSS stands for Digital Signature +Standard. \\ \hline \end{tabular} diff --git a/doc/tex/handshake.tex b/doc/tex/handshake.tex index e34889aa07..3b1a8305cc 100644 --- a/doc/tex/handshake.tex +++ b/doc/tex/handshake.tex @@ -39,10 +39,9 @@ In the case of ciphersuites that use certificate authentication, the authentication\index{Certificate authentication!Client} of the client is optional in \tls{}. A server may request a certificate from the client -- using the \printfunc{gnutls_certificate_server_set_request}{gnutls\_certificate\_server\_set\_request} -function. If a certificate is to be requested by the client, at the handshake -procedure, the server will send an extra packet, -than contains a list of acceptable certificate signers, and indicates the -request of a certificate. The client may then send a certificate, signed +function. If a certificate is to be requested from the client during the handshake, +the server will send a certificate request message that contains +a list of acceptable certificate signers. The client may then send a certificate, signed by one of the server's acceptable signers. In \gnutls{} the server's acceptable signers list is constructed using the trusted CA certificates in the credentials structure. diff --git a/doc/tex/howto.tex b/doc/tex/howto.tex index 73d8d4e2e5..19997ace22 100644 --- a/doc/tex/howto.tex +++ b/doc/tex/howto.tex 
@@ -7,10 +7,11 @@ over simple custom made application protocols. The discussion below mainly refers to the \emph{TCP/IP} transport layer but may be extended to other ones too. -\section{The traditional way} +\section{Separate ports} Traditionally \ssl{} was used in application protocols by assigning -a new port number for the secure services. That way two ports were assigned, one for the +a new port number for the secure services. That way two separate +ports were assigned, one for the non secure sessions, and one for the secured ones. This has the benefit that if a user requests a secure session then the client will try to connect to the secure port and fail otherwise. The only possible attack @@ -34,7 +35,7 @@ unnecessary complication. Due to the fact that there is a limitation on the available privileged ports, this approach was soon obsoleted. -\section{A different approach} +\section{Upward negotiation} Other application protocols\footnote{See LDAP, IMAP etc.} use a different approach to enable the secure layer. They use something called the ``TLS upgrade'' method. This method |
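Review bot: in doc/tex/auth.tex, the DHE\_DSS row now expands the acronym only after the sentence that uses it, as a trailing "DSS stands for Digital Signature Standard." Expanding it at first use, for example "The DSS (Digital Signature Standard) algorithm is used to sign Ephemeral Diffie Hellman parameters", keeps the cell to one sentence and defines the term where the reader meets it. The commit message would also benefit from saying why the \footnote was taken out of the table row, since "Corrected some things in documentation" does not record the reason.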
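Review bot: in doc/tex/handshake.tex, the rewritten text says the client "may then send a certificate" but the paragraph still does not state what the server does when the client sends none, which is what a reader setting up client authentication needs to know. Consider adding a sentence after "by one of the server's acceptable signers" that says whether the handshake continues or fails in that case. As a smaller style point, the first added line ("function. If a certificate is to be requested from the client during the handshake,") is longer than the lines around it and should be rewrapped.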
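Review bot: in doc/tex/howto.tex, first hunk (@@ -7,10 +7,11 @@), the re-wrap leaves "ports were assigned, one for the" as a short line in the middle of the paragraph; reflow the paragraph so the line lengths stay even. The word "separate" after "two" adds little now that the section title is already "Separate ports", so "That way two ports were assigned" could stay as it was and the hunk would shrink to the heading change alone.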
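Review bot: in doc/tex/howto.tex, second hunk (@@ -34,7 +35,7 @@), the new heading "Upward negotiation" introduces a term that the paragraph beneath it does not use; the body calls the technique the ``TLS upgrade'' method. Either title the section after the term the text uses or mention both names in the first sentence, so a reader scanning the table of contents can match the heading to the description.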