author | robot-contrib <robot-contrib@yandex-team.com> | 2023-03-02 10:05:41 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.com> | 2023-03-02 10:05:41 +0300 |
commit | c8b3fb9dab5150585defd576d83647a12a84b990 (patch) | |
tree | 918b7d8f1a373e70555914fd15aa4e0a8cc09940 /contrib/restricted/aws/s2n/api/s2n.h | |
parent | 093b04166b8440db82cf0590a4beb6c5e8cd5668 (diff) | |
Update contrib/restricted/aws/s2n to 1.3.37
Diffstat (limited to 'contrib/restricted/aws/s2n/api/s2n.h')
-rw-r--r-- | contrib/restricted/aws/s2n/api/s2n.h | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/contrib/restricted/aws/s2n/api/s2n.h b/contrib/restricted/aws/s2n/api/s2n.h
index 558d371a03..9993a61062 100644
--- a/contrib/restricted/aws/s2n/api/s2n.h
+++ b/contrib/restricted/aws/s2n/api/s2n.h
@@ -1325,12 +1325,16 @@ S2N_API extern ssize_t s2n_client_hello_get_raw_message_length(struct s2n_client
 /**
 * Copies `max_length` bytes of the ClientHello message into the `out` buffer.
 * The ClientHello instrumented using this function will have the Random bytes
- * zero-ed out. For SSLv2 ClientHello messages, the raw message contains only
- * the cipher_specs, session_id and members portions of the hello message
- * (see [RFC5246](https://tools.ietf.org/html/rfc5246#appendix-E.2)). To access other
- * members, you may use s2n_connection_get_client_hello_version(),
- * s2n_connection_get_client_protocol_version() and s2n_connection_get_session_id_length()
- * accessors functions.
+ * zero-ed out.
+ *
+ * Note: SSLv2 ClientHello messages follow a different structure than more modern
+ * ClientHello messages. See [RFC5246](https://tools.ietf.org/html/rfc5246#appendix-E.2).
+ * In addition, due to how s2n-tls parses SSLv2 ClientHellos, the raw message is
+ * missing the first three bytes (the msg_type and version) and instead begins with
+ * the cipher_specs. To determine whether a ClientHello is an SSLv2 ClientHello,
+ * you will need to use s2n_connection_get_client_hello_version(). To get the
+ * protocol version advertised in the SSLv2 ClientHello (which may be higher
+ * than SSLv2), you will need to use s2n_connection_get_client_protocol_version().
 *
 * @param ch The Client Hello handle
 * @param out The destination buffer for the raw Client Hello
@@ -1351,6 +1355,11 @@ S2N_API extern ssize_t s2n_client_hello_get_cipher_suites_length(struct s2n_clie
 /**
 * Copies into the `out` buffer `max_length` bytes of the cipher_suites on the ClientHello.
 *
+ * Note: SSLv2 ClientHello cipher suites follow a different structure than modern
+ * ClientHello messages. See [RFC5246](https://tools.ietf.org/html/rfc5246#appendix-E.2).
+ * To determine whether a ClientHello is an SSLv2 ClientHello,
+ * you will need to use s2n_connection_get_client_hello_version().
+ *
 * @param ch The Client Hello handle
 * @param out The destination buffer for the raw Client Hello cipher suites
 * @param max_length The size of out in bytes |