[glib/mcatanzaro/gtlsconnection-changes: 10/10] gtlsclientconnection: use-ssl3 is now ignored
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib/mcatanzaro/gtlsconnection-changes: 10/10] gtlsclientconnection: use-ssl3 is now ignored
- Date: Mon, 18 Nov 2019 19:53:09 +0000 (UTC)
commit 9d2c949b542be9eceaae2c5bbaf33d86715b68b8
Author: Michael Catanzaro <mcatanzaro gnome org>
Date: Thu Nov 14 11:58:56 2019 -0600
gtlsclientconnection: use-ssl3 is now ignored
For many years after SSL 3.0 support was removed, we used this function
to indicate that we should perform protocol version fallback to the
lowest-supported protocol version, to workaround protocol version
intolerance. Nowadays this is no longer needed, and support has been
removed from glib-networking, so update the documentation.
gio/gtlsclientconnection.c | 52 ++++++++++++++++++++--------------------------
1 file changed, 22 insertions(+), 30 deletions(-)
---
diff --git a/gio/gtlsclientconnection.c b/gio/gtlsclientconnection.c
index b38fad630..e0e5945eb 100644
--- a/gio/gtlsclientconnection.c
+++ b/gio/gtlsclientconnection.c
@@ -103,14 +103,12 @@ g_tls_client_connection_default_init (GTlsClientConnectionInterface *iface)
/**
* GTlsClientConnection:use-ssl3:
*
- * If %TRUE, forces the connection to use a fallback version of TLS
- * or SSL, rather than trying to negotiate the best version of TLS
- * to use. See g_tls_client_connection_set_use_ssl3().
+ * SSL 3.0 is no longer supported. See
+ * g_tls_client_connection_set_use_ssl3() for details.
*
* Since: 2.28
*
- * Deprecated: 2.56: SSL 3.0 is insecure, and this property does not
- * generally enable or disable it, despite its name.
+ * Deprecated: 2.56: SSL 3.0 is insecure.
*/
g_object_interface_install_property (iface,
g_param_spec_boolean ("use-ssl3",
@@ -270,16 +268,14 @@ g_tls_client_connection_set_server_identity (GTlsClientConnection *conn,
* g_tls_client_connection_get_use_ssl3:
* @conn: the #GTlsClientConnection
*
- * Gets whether @conn will force the lowest-supported TLS protocol
- * version rather than attempt to negotiate the highest mutually-
- * supported version of TLS; see g_tls_client_connection_set_use_ssl3().
+ * SSL 3.0 is no longer supported. See
+ * g_tls_client_connection_set_use_ssl3() for details.
*
- * Returns: whether @conn will use the lowest-supported TLS protocol version
+ * Returns: %FALSE
*
* Since: 2.28
*
- * Deprecated: 2.56: SSL 3.0 is insecure, and this function does not
- * actually indicate whether it is enabled.
+ * Deprecated: 2.56: SSL 3.0 is insecure.
*/
gboolean
g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
@@ -289,32 +285,28 @@ g_tls_client_connection_get_use_ssl3 (GTlsClientConnection *conn)
g_return_val_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn), 0);
g_object_get (G_OBJECT (conn), "use-ssl3", &use_ssl3, NULL);
- return use_ssl3;
+ return FALSE;
}
/**
* g_tls_client_connection_set_use_ssl3:
* @conn: the #GTlsClientConnection
- * @use_ssl3: whether to use the lowest-supported protocol version
- *
- * Since 2.42.1, if @use_ssl3 is %TRUE, this forces @conn to use the
- * lowest-supported TLS protocol version rather than trying to properly
- * negotiate the highest mutually-supported protocol version with the
- * peer. Be aware that SSL 3.0 is generally disabled by the
- * #GTlsBackend, so the lowest-supported protocol version is probably
- * not SSL 3.0.
- *
- * Since 2.58, this may additionally cause an RFC 7507 fallback SCSV to
- * be sent to the server, causing modern TLS servers to immediately
- * terminate the connection. You should generally only use this function
- * if you need to connect to broken servers that exhibit TLS protocol
- * version intolerance, and when an initial attempt to connect to a
- * server normally has already failed.
+ * @use_ssl3: a #gboolean, ignored
+ *
+ * Since GLib 2.42.1, SSL 3.0 is no longer supported.
+ *
+ * From GLib 2.42.1 through GLib 2.62, this function could be used to
+ * force use of TLS 1.0, the lowest-supported TLS protocol version at
+ * the time. In the past, this was needed to connect to broken TLS
+ * servers that exhibited protocol version intolerance. Such servers
+ * are no longer common, and using TLS 1.0 is no longer considered
+ * acceptable.
+ *
+ * Since GLib 2.64, this function does nothing.
*
* Since: 2.28
*
- * Deprecated: 2.56: SSL 3.0 is insecure, and this function does not
- * generally enable or disable it, despite its name.
+ * Deprecated: 2.56: SSL 3.0 is insecure.
*/
void
g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,
@@ -322,7 +314,7 @@ g_tls_client_connection_set_use_ssl3 (GTlsClientConnection *conn,
{
g_return_if_fail (G_IS_TLS_CLIENT_CONNECTION (conn));
- g_object_set (G_OBJECT (conn), "use-ssl3", use_ssl3, NULL);
+ g_object_set (G_OBJECT (conn), "use-ssl3", FALSE, NULL);
}
/**
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]