OLD | NEW |
---|---|
1 /* | 1 /* |
2 * This file contains prototypes for the public SSL functions. | 2 * This file contains prototypes for the public SSL functions. |
3 * | 3 * |
4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
6 * | 6 * |
7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
121 #define SSL_ENABLE_SESSION_TICKETS 18 /* Enable TLS SessionTicket */ | 121 #define SSL_ENABLE_SESSION_TICKETS 18 /* Enable TLS SessionTicket */ |
122 /* extension (off by default) */ | 122 /* extension (off by default) */ |
123 #define SSL_ENABLE_DEFLATE 19 /* Enable TLS compression with */ | 123 #define SSL_ENABLE_DEFLATE 19 /* Enable TLS compression with */ |
124 /* DEFLATE (off by default) */ | 124 /* DEFLATE (off by default) */ |
125 #define SSL_ENABLE_RENEGOTIATION 20 /* Values below (default: never) */ | 125 #define SSL_ENABLE_RENEGOTIATION 20 /* Values below (default: never) */ |
126 #define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signalling */ | 126 #define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signalling */ |
127 /* Cipher Suite Value (SCSV) or */ | 127 /* Cipher Suite Value (SCSV) or */ |
128 /* Renegotiation Info (RI) */ | 128 /* Renegotiation Info (RI) */ |
129 /* extension in ALL handshakes. */ | 129 /* extension in ALL handshakes. */ |
130 /* default: off */ | 130 /* default: off */ |
131 #define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ | |
132 /* default, applies only to */ | |
133 /* clients). False start is a */ | |
134 /* mode where an SSL client will start sending application data before */ | |
135 /* verifing the server's Finished message. This means that we could end up */ | |
wtc
2010/02/20 00:39:51
Typo: verifing => verifying
| |
136 /* sending data to an imposter. However, the data will be encrypted and */ | |
137 /* only the true server can decrypt the session key. Thus, so long as the */ | |
wtc
2010/02/20 00:39:51
Nit: "can decrypt the session key" isn't entirely
| |
138 /* cipher isn't broken this is safe. Because of this, False Start will only */ | |
139 /* occur on RSA ciphersuites where the cipher's key length is >= 80 bits. */ | |
wtc
2010/02/20 00:39:51
Why only RSA ciphersuites?
| |
140 /* The advantage of False Start is that it saves a round trip for */ | |
141 /* client-speaks-first protocols when performing a full handshake. */ | |
131 | 142 |
132 #ifdef SSL_DEPRECATED_FUNCTION | 143 #ifdef SSL_DEPRECATED_FUNCTION |
133 /* Old deprecated function names */ | 144 /* Old deprecated function names */ |
134 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); | 145 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on); |
135 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on); | 146 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on); |
136 #endif | 147 #endif |
137 | 148 |
138 /* New function names */ | 149 /* New function names */ |
139 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on); | 150 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on); |
140 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on); | 151 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on); |
(...skipping 484 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
625 ** Did the handshake with the peer negotiate the given extension? | 636 ** Did the handshake with the peer negotiate the given extension? |
626 ** Output parameter valid only if function returns SECSuccess | 637 ** Output parameter valid only if function returns SECSuccess |
627 */ | 638 */ |
628 SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, | 639 SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket, |
629 SSLExtensionType extId, | 640 SSLExtensionType extId, |
630 PRBool *yes); | 641 PRBool *yes); |
631 | 642 |
632 SEC_END_PROTOS | 643 SEC_END_PROTOS |
633 | 644 |
634 #endif /* __ssl_h_ */ | 645 #endif /* __ssl_h_ */ |
OLD | NEW |