doc: fix incorrect README references #4863

Open: jouho wants to merge 1 commit into main

@jouho jouho commented Oct 30, 2024

Resolved issues:

This is one of the ORR action items to fix documentation:

A PR should be raised to fix the following items.

* remove the reference to 6,000 lines of code
* remove the reference to “unsupported session renegotiation”

Description of changes:

  • Removed "6,000 lines of code" reference. I could put an updated number, but the number will be changing, so I'm voting to simply remove it.
  • Fixed documentation around session renegotiation. My understanding is that session renegotiation is now supported for s2n-tls clients, but not for s2n-tls servers, based on this comment:
    * @note Calling this method on a server connection will fail. s2n-tls servers do not support renegotiation.

Call-outs:

Testing:

This is a documentation update.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Oct 30, 2024
@jouho jouho marked this pull request as ready for review October 30, 2024 00:31
s2n-tls servers do not support renegotiation
and do not allow clients to renegotiate.
s2n-tls servers do not support renegotiation.
This was correct as-is. s2n-tls clients can support renegotiation, but servers do not support renegotiation. Same for the others.

Comment on lines -33 to -35
/* RFC 5246 6.1: If a TLS implementation would need to wrap a sequence number, it must
* renegotiate instead. We don't support renegotiation. Caller needs to create a new session.
* This condition is very unlikely. It requires 2^64 - 1 records to be sent.
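
Review bot: at lines -33 to -35, only the sentence "We don't support renegotiation." is about renegotiation support; the RFC 5246 6.1 reference, the "Caller needs to create a new session" guidance and the 2^64 - 1 record figure explain the sequence-number wrap check and are still useful to a reader of that code. Suggest limiting the edit to that one sentence, or leaving the comment untouched, so the wrap handling stays documented.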
To be clear, we still never trigger renegotiation, and certainly not because the record number cap was reached. It's an unstable feature only available for clients and currently purely used for delayed client auth.
