author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-05-24 09:17:53 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-05-24 09:24:08 +0200
commit: 2ca4724e269a3c315f9223a788333d766e4fd8e6 (patch)
tree: b039356a5bfbb4a8a939e0657ce2c4f60af33bac /doc
parent: c9aab018e855fee2c9d88a405268dd20b217462e (diff)
doc: updated text on priority strings
Refer to RFC7685 for the TLS padding extension (%DUMBFW), and mention the default behavior for the TLS client hello record version.
Diffstat (limited to 'doc')
 doc/cha-bib.texi      | 5
 doc/cha-gtls-app.texi | 9
 doc/latex/gnutls.bib  | 8
3 files changed, 19 insertions, 3 deletions
diff --git a/doc/cha-bib.texi b/doc/cha-bib.texi
index e4a6f1be94..dc0a02e03a 100644
--- a/doc/cha-bib.texi
+++ b/doc/cha-bib.texi
@@ -31,6 +31,11 @@ Peter Saint-Andre and Jeff Hodges, "Representation and Verification of Domain-Ba
March 2011, Available from
@url{http://www.ietf.org/rfc/rfc6125.txt}.
+@item @anchor{RFC7685}[RFC7685]
+Adam Langley, "A Transport Layer Security (TLS) ClientHello Padding Extension",
+October 2015, Available from
+@url{http://www.ietf.org/rfc/rfc7685.txt}.
+
@item @anchor{RFC2246}[RFC2246]
Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0",
January 1999, Available from
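Review bot: the new anchor is defined as @anchor{RFC7685} (uppercase), but the cross-reference added in cha-gtls-app.texi is written @xcite{rfc7685} (lowercase); anchor names should match the citation exactly, so either change the citation to @xcite{RFC7685}, which is the key form the existing entries such as [RFC6125] and [RFC2246] use, or confirm that makeinfo resolves the lowercase reference before merging.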
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 7d25a5b536..9bb5437544 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1191,12 +1191,13 @@ problematic clients and servers is achieved. More specifically this
string would disable TLS record random padding, tolerate packets
over the maximum allowed TLS record, and add a padding to TLS Client
Hello packet to prevent it being in the 256-512 range which is known
-to be causing issues with a commonly used firewall.
+to be causing issues with a commonly used firewall (see the %DUMBFW option).
@item %DUMBFW @tab
will add a private extension with bogus data that make the client
hello exceed 512 bytes. This avoids a black hole behavior in some
-firewalls. This is a non-standard TLS extension, use with care.
+firewalls. This is the @xcite{rfc7685} client hello padding extension, also enabled
+with %COMPAT.
@item %NO_EXTENSIONS @tab
will prevent the sending of any TLS extensions in client side. Note
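Review bot: the first sentence of the %DUMBFW entry now contradicts the sentence added on the + lines: it still says "a private extension with bogus data", while the new text identifies it as the RFC7685 ClientHello padding extension, which is a registered extension whose payload must be all zero bytes. Rewrite the whole entry rather than only its last sentence, e.g. "will add the @xcite{RFC7685} client hello padding extension (filled with zeros) so that the client hello exceeds 512 bytes. This avoids a black hole behavior in some firewalls; also enabled with %COMPAT." While touching this, note that RFC7685 describes the problematic client hello size as 256 to 511 bytes, whereas the %COMPAT text above says "256-512 range"; the two should agree.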
@@ -1217,7 +1218,9 @@ and not the client's.
@item %SSL3_RECORD_VERSION @tab
will use SSL3.0 record version in client hello.
-This is the default.
+By default GnuTLS will set the minimum supported version as the
+client hello record version (do not confuse that version with the
+proposed handshake version at the client hello).
@item %LATEST_RECORD_VERSION @tab
will use the latest TLS version record version in client hello.
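Review bot: "the minimum supported version" on the + lines is ambiguous: say whether this is the lowest protocol version GnuTLS was built with or the lowest version enabled by the priority string in effect, since a priority string that disables SSL 3.0 or TLS 1.0 changes the answer. The parenthetical would also be clearer if it named the two fields being distinguished: the version in the record-layer header of the ClientHello record versus the client_version field inside the ClientHello handshake message. Finally, the removed "This is the default" should be replaced by a statement of when %SSL3_RECORD_VERSION is actually needed, e.g. when SSL 3.0 is not among the enabled versions but the record header should still advertise it.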
diff --git a/doc/latex/gnutls.bib b/doc/latex/gnutls.bib
index f242870b27..16f983dc45 100644
--- a/doc/latex/gnutls.bib
+++ b/doc/latex/gnutls.bib
@@ -51,6 +51,14 @@
url = "http://www.ietf.org/rfc/rfc6125"
}
+@Misc{ RFC7685,
+ author = "Adam Langley",
+ title = "{A Transport Layer Security (TLS) ClientHello Padding Extension}",
+ month = "October",
+ year = "2015",
+ note = "Available from \url{http://www.ietf.org/rfc/rfc7685}",
+ url = "http://www.ietf.org/rfc/rfc7685"
+}
@Misc{ RFC2246 ,
author = "Tim Dierks and Christopher Allen",
title = "{The TLS Protocol Version 1.0}",