[glib/mcatanzaro/gtlsconnection-changes] gtlsclientconnection: use-ssl3 is now ignored

[Michael Catanzaro <mcatanzaro src gnome org>]

commit 08fd003fb88e35ce45c0c153a7a98c37160fc554
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Thu Nov 14 11:58:56 2019 -0600

    gtlsclientconnection: use-ssl3 is now ignored
    
    For many years after SSL 3.0 support was removed, we used this function
    to indicate that we should perform protocol version fallback to the
    lowest-supported protocol version, to workaround protocol version
    intolerance. Nowadays this is no longer needed, and support has been
    removed from glib-networking, so update the documentation.

 gio/gtlsclientconnection.c | 52 ++++++++++++++++++++--------------------------
 1 file changed, 22 insertions(+), 30 deletions(-)
---
diff --git a/gio/gtlsclientconnection.c b/gio/gtlsclientconnection.c
index b38fad630..e0e5945eb 100644
--- a/gio/gtlsclientconnection.c
+++ b/gio/gtlsclientconnection.c
@@ -103,14 +103,12 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
   /**
    * GTlsClientConnection:use-ssl3:
    *
-   * If %TRUE, forces the connection to use a fallback version of TLS
-   * or SSL, rather than trying to negotiate the best version of TLS
-   * to use. See g_tls_client_connection_set_use_ssl3().
+   * SSL 3.0 is no longer supported. See
+   * g_tls_client_connection_set_use_ssl3() for details.
    *
    * Since: 2.28
    *
-   * Deprecated: 2.56: SSL 3.0 is insecure, and this property does not
-   * generally enable or disable it, despite its name.
+   * Deprecated: 2.56: SSL 3.0 is insecure.
    */
   g_object_interface_install_property (iface,
                                       g_param_spec_boolean ("use-ssl3",
@@ -270,16 +268,14 @@ g_tls_client_connection_set_server_identity (GTlsClientConnection *conn,
  * g_tls_client_connection_get_use_ssl3:
  * @conn: the #GTlsClientConnection
  *
- * Gets whether @conn will force the lowest-supported TLS protocol
- * version rather than attempt to negotiate the highest mutually-
- * supported version of TLS; see g_tls_client_connection_set_use_ssl3().
+ * SSL 3.0 is no longer supported. See
+ * g_tls_client_connection_set_use_ssl3() for details.
  *
- * Returns: whether @conn will use the lowest-supported TLS protocol version
+ * Returns: %FALSE
  *
  * Since: 2.28
  *
- * Deprecated: 2.56: SSL 3.0 is insecure, and this function does not
- * actually indicate whether it is enabled.
+ * Deprecated: 2.56: SSL 3.0 is insecure.
  */
 gboolean
 g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
@@ -289,32 +285,28 @@ g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
   g_return_val_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn), 0);
 
   g_object_get (G_OBJECT (conn), "use-ssl3", &use_ssl3, NULL);
-  return use_ssl3;
+  return FALSE;
 }
 
 /**
  * g_tls_client_connection_set_use_ssl3:
  * @conn: the #GTlsClientConnection
- * @use_ssl3: whether to use the lowest-supported protocol version
- *
- * Since 2.42.1, if @use_ssl3 is %TRUE, this forces @conn to use the
- * lowest-supported TLS protocol version rather than trying to properly
- * negotiate the highest mutually-supported protocol version with the
- * peer. Be aware that SSL 3.0 is generally disabled by the
- * #GTlsBackend, so the lowest-supported protocol version is probably
- * not SSL 3.0.
- *
- * Since 2.58, this may additionally cause an RFC 7507 fallback SCSV to
- * be sent to the server, causing modern TLS servers to immediately
- * terminate the connection. You should generally only use this function
- * if you need to connect to broken servers that exhibit TLS protocol
- * version intolerance, and when an initial attempt to connect to a
- * server normally has already failed.
+ * @use_ssl3: a #gboolean, ignored
+ *
+ * Since GLib 2.42.1, SSL 3.0 is no longer supported.
+ *
+ * From GLib 2.42.1 through GLib 2.62, this function could be used to
+ * force use of TLS 1.0, the lowest-supported TLS protocol version at
+ * the time. In the past, this was needed to connect to broken TLS
+ * servers that exhibited protocol version intolerance. Such servers
+ * are no longer common, and using TLS 1.0 is no longer considered
+ * acceptable.
+ *
+ * Since GLib 2.64, this function does nothing.
  *
  * Since: 2.28
  *
- * Deprecated: 2.56: SSL 3.0 is insecure, and this function does not
- * generally enable or disable it, despite its name.
+ * Deprecated: 2.56: SSL 3.0 is insecure.
  */
 void
 g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,
@@ -322,7 +314,7 @@ g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,
 {
   g_return_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn));
 
-  g_object_set (G_OBJECT (conn), "use-ssl3", use_ssl3, NULL);
+  g_object_set (G_OBJECT (conn), "use-ssl3", FALSE, NULL);
 }
 
 /**