author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-04-23 10:07:32 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-05-04 11:38:50 +0200 |
commit | fcd805e42c55024efab0e3b5e92d04c59c687930 (patch) | |
tree | 55e8a3058d75b5d56f705f1e73c4919c44536675 /doc/cha-gtls-app.texi | |
parent | a55d3f831e91ff7c358d1f634814724a0c0252e7 (diff) | |
download | gnutls-fcd805e42c55024efab0e3b5e92d04c59c687930.tar.gz |
doc: clarified re-handshake details under TLS1.2 server
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'doc/cha-gtls-app.texi')
-rw-r--r-- | doc/cha-gtls-app.texi | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 811f84db6c..c775f4b2c1 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1788,7 +1788,11 @@ A server which wants to instruct the client to re-authenticate, should call @funcref{gnutls_rehandshake} and wait for the client to re-authenticate. It is recommended to only request re-handshake when safe renegotiation is enabled for that session (see @funcref{gnutls_safe_renegotiation_status} and -the discussion in @ref{Safe renegotiation}). +the discussion in @ref{Safe renegotiation}). A server could also encounter +the GNUTLS_E_REHANDSHAKE error code while receiving data. That indicates +a client-initiated re-handshake request. In that case the server could +ignore that request, perform handshake (unsafe when done generally), or +even drop the connection. @showfuncdesc{gnutls_rehandshake} |
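Review bot: The parenthetical in the added text "perform handshake (unsafe when done generally)" does not say what makes the handshake unsafe or under which condition it would be acceptable. The preceding sentence already ties a server-initiated re-handshake to @funcref{gnutls_safe_renegotiation_status} and @ref{Safe renegotiation}, so I suggest stating the same condition for the client-initiated case, for example that the server should only proceed when safe renegotiation is enabled for the session. Two smaller points: GNUTLS_E_REHANDSHAKE is written bare while the surrounding text marks up identifiers, so @code{GNUTLS_E_REHANDSHAKE} would be consistent; and the commit subject scopes this to a TLS1.2 server, but the added paragraph does not mention the protocol version, so if the behaviour is version-specific that belongs in the text too.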